Import from multiple QRadar instances

[schovol]

trafficstars

As a MSSP we need to import offenses from multiple customer QRadar instances. I am missing a filed for distinguishing between different source in the alerts list. How about adding a tag or setting the source apppropriately?

[aymansabri]

I have the same question , I want to connect multiple QRadar client to thehive4, each QRadar IP linked to an organisation.

How can we do that with just one Synapse instance running ?

[ihebski]

hello @schovol under QRadar2Alert.py you can add a specific tag in line 104 tags = ['QRadar', 'Offense', 'Synapse'] that specify the QR instance name or ID per running Synapse.