I'm new to QRadar and having problem of filter QRadar description field in Qradar REST api /siem/offense.
Can anyone suggest me how to filter offense description filed? for example I want to display any offense description start with the word Rule so only the first objective will display.
Data example
{
"description": "Rule_name 1",
"rules": [
{
"id": 104206,
"type": "CRE_RULE"
}
]
}, { "description": "exampel rule 1\n", "rules": [ { "id": 104206, "type": "CRE_RULE" } ] },
If you look at the field explanation. The offense description field is neither filterable nor sortable. You can try by fetching all the offenses and then filtering required offenses using some script.