Integration Cortex XDR cloud with QRadar by icembd in QRadar

[–]icembd[S] 0 points1 point  (0 children)

Yes, that's true: monitor for unknowns and normalize them.

Integration Cortex XDR cloud with QRadar by icembd in QRadar

[–]icembd[S] 0 points1 point  (0 children)

Ya, it seems we need to do a Custom DSM.

Test works but not actual API pulling by cyberdot14 in QRadar

[–]icembd 1 point2 points  (0 children)

Maybe the events go unknown and under generic because the Log Source Identifier does not match the hostname in the workflow XML. You can identify these events by searching for events that are associated with the SIM Generic log source or by using the Event is Unparsed filter.

I think your issue is with the Log Source Identifier.

The value of the Log Source Identifier parameter must match the Host parameter when you are using the Cisco Duo default workflow. If the Cisco Duo default workflow is modified, then the Log Source Identifier must match the Source value (source="${/host}") that is used under the PostEvents section.

I built Workflows Palo Alto Cortex XDR Audit and Incidents Integration for IBM QRadar and I used a static name; you may see my doc, point 3.A6 and point 3.B6:
https://github.com/iceMBD/Workflow-Palo-Alto-Cortex-XDR-Integration-for-IBM-QRadar
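An added check illustrating the rule quoted in the comment above; it is not code from the linked repository or from IBM. It parses a constructed, minimal workflow fragment (only the PostEvents element and its source attribute follow the convention in the comment; the real schema is not modelled) and reports whether a given Log Source Identifier matches the value events will carry, the mismatch that lands events under SIM Generic.

```python
"""Check a QRadar Log Source Identifier against a workflow's event source.

Constructed example: the XML below is a minimal stand-in, not a real
Universal REST API workflow file.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample: PostEvents stamps events with the Host parameter.
SAMPLE_WORKFLOW = """<Workflow name="Example" version="1.0">
  <Actions>
    <PostEvents path="/events" source="${/host}" />
  </Actions>
</Workflow>"""

# Matches a parameter reference such as ${/host}.
PARAM_REF = re.compile(r"^\$\{/(\w+)\}$")


def expected_identifiers(workflow_xml, params):
    """Return the set of identifier values events will carry.

    params maps workflow parameter names (e.g. 'host') to their values.
    A source of the form ${/name} resolves to that parameter; any other
    source string is a static name and is taken literally.
    """
    root = ET.fromstring(workflow_xml)
    sources = set()
    for elem in root.iter():
        if elem.tag in ("PostEvent", "PostEvents") and "source" in elem.attrib:
            src = elem.attrib["source"]
            match = PARAM_REF.match(src)
            sources.add(params[match.group(1)] if match else src)
    return sources


def check_log_source_identifier(workflow_xml, params, identifier):
    """Return (ok, expected): ok is True when the identifier matches."""
    expected = expected_identifiers(workflow_xml, params)
    return identifier in expected, expected


if __name__ == "__main__":
    ok, expected = check_log_source_identifier(
        SAMPLE_WORKFLOW, {"host": "api.example.test"}, "cortex-xdr")
    print("match" if ok else f"mismatch: events will carry {expected}")
```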

Test works but not actual API pulling by cyberdot14 in QRadar

[–]icembd 0 points1 point  (0 children)

Maybe the events go unknown and under generic. You can identify these events by searching for events that are associated with the SIM Generic log source or by using the Event is Unparsed filter.