Visualizing SOC Insights as Offense in the QRadar

There will be a rule “Infoblox SOC Insights Rule” regularly monitoring the SOC Insights data ingested via API and data connector and it creates the offenses in the QRadar.

To see offense created via rule follow below steps.

1. Login to QRadar console.

2. Navigate to the Offenses tab.

3. Click on the All Offenses.

Here all the offenses will be displayed.

The SOC Insights offenses will have the description as “SOC Insights”. See below Image.

The recent comments fetched from the API will be added as part of the notes in the respective SOC Insights offense. 

When the SOC Insight is closed, respective offense will be closed with the closing comment.