connectors
QRadar - support Offenses being synced back to OpenCTI as cases.
Use case
We would like the ability for Offenses created in QRadar to be synchronised back to OpenCTI, which would then create an IR case in OpenCTI for analysts to triage.
Current Workaround
No current solution; possibly export to CSV and import using CSV mapper
Proposed Solution
A connector that will connect to the QRadar API and pull a filtered set of offenses (i.e. not all, but a filtered set)
Additional Information
Some relevant links/videos are here: [Documentation for Offense](https://www.ibm.com/docs/en/qsip/7.5?topic=phase-qradar-rules-offenses), Video of example content for Offense review
Would you be willing to submit a PR?
We can assist with a test system/licence, and investigate the most appropriate integration/value mapping