by Rahul Reddy Ravipally, Balaji Kadambi, Manjula Hosurmath | Updated August 27, 2019 - Published August 28, 2019
L1 security personnel have lots of manual work, much of which can be automated to reduce effort and increase efficiency. One such L1 activity is checking, by rule-based validation, whether an offense triggered on QRadar® is valid. Robotic process automation (RPA) is software that automates the highly repetitive tasks many security employees perform, often at the expense of creative problem-solving and customer-centric work. In this developer code pattern, we have developed a methodology to determine whether an offense is valid or invalid. Applying this pattern can significantly reduce the time L1 security personnel spend on manual validation.
We will demonstrate the automation with the following use case. A vehicle has been assigned a speed limit of 100 kph. If the speed of the vehicle exceeds 100 kph, it is a violation. If the vehicle’s speed exceeds 100 kph twice within 15 min, an offense is generated on QRadar. In this code pattern, we will manually send speed violation events and generate an offense on QRadar. Once the offense shows up on QRadar, the offenses watch application automatically detects it and triggers the validation bot. This bot runs the validation application to validate the detected offense and tells us whether it is valid or invalid.
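The rule and the validation step described above, as an added illustration that is not the code pattern's own implementation: the speed events, vehicle names, and timestamps are constructed, `detect_offenses` emulates the QRadar rule (two violations of the 100 kph limit within 15 minutes), and `validate_offense` is what a validation bot would do when it re-derives the rule from the raw events instead of trusting the offense as presented.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

SPEED_LIMIT_KPH = 100            # limit from the use case
WINDOW = timedelta(minutes=15)   # two violations inside this window = offense
VIOLATIONS_FOR_OFFENSE = 2

@dataclass(frozen=True)
class SpeedEvent:
    vehicle: str
    ts: datetime
    speed_kph: float

def is_violation(ev: SpeedEvent) -> bool:
    return ev.speed_kph > SPEED_LIMIT_KPH

def detect_offenses(events):
    """Emulate the QRadar rule: per vehicle, emit an offense once the Nth
    violation falls within WINDOW of an earlier one, then reset the burst."""
    offenses, recent = [], {}   # recent: vehicle -> violation timestamps in window
    for ev in sorted(events, key=lambda e: e.ts):
        if not is_violation(ev):
            continue
        hits = [t for t in recent.get(ev.vehicle, []) if ev.ts - t <= WINDOW]
        hits.append(ev.ts)
        if len(hits) >= VIOLATIONS_FOR_OFFENSE:
            offenses.append({"vehicle": ev.vehicle, "violation_ts": hits})
            hits = []           # one burst yields one offense
        recent[ev.vehicle] = hits
    return offenses

def validate_offense(offense, events) -> bool:
    """Validation bot: every referenced event must exist, really exceed the
    limit, and all of them must fit inside WINDOW; otherwise the offense is invalid."""
    by_key = {(e.vehicle, e.ts): e for e in events}
    claimed = [by_key.get((offense["vehicle"], t)) for t in offense["violation_ts"]]
    if len(claimed) < VIOLATIONS_FOR_OFFENSE:
        return False
    if any(e is None or not is_violation(e) for e in claimed):
        return False
    return max(offense["violation_ts"]) - min(offense["violation_ts"]) <= WINDOW

# Constructed sample feed (hypothetical vehicles and times, not real data).
T0 = datetime(2019, 8, 27, 9, 0)
EVENTS = [
    SpeedEvent("car-1", T0, 120),                          # violation
    SpeedEvent("car-1", T0 + timedelta(minutes=5), 90),    # within limit
    SpeedEvent("car-1", T0 + timedelta(minutes=10), 130),  # 2nd violation in 15 min -> offense
    SpeedEvent("car-2", T0, 110),                          # violation
    SpeedEvent("car-2", T0 + timedelta(minutes=20), 115),  # violation, but 20 min apart
]
# An offense claiming car-2's two violations: the bot should reject it (outside window).
INVALID_OFFENSE = {"vehicle": "car-2", "violation_ts": [T0, T0 + timedelta(minutes=20)]}
```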
When you have completed this code pattern, you will understand how to:
Ready to give it a try? Check out the README for step-by-step instructions.