QRadar - Get Offense Logs fix

demisto · Mar 2, 2025 · 2874c73 · 2874c73
1 parent b40dc1c
commit 2874c73
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 29 deletions.
diff --git a/Packs/QRadar/Playbooks/playbook-QRadar_-_Get_Offense_Logs.yml b/Packs/QRadar/Playbooks/playbook-QRadar_-_Get_Offense_Logs.yml
@@ -587,33 +587,26 @@ tasks:
     note: false
     timertriggers: []
     ignoreworker: false
-    fieldMapping:
-    - incidentfield: Source IPs
-      output:
-        simple: ${QRadar.SourceIP}
-    - incidentfield: Destination IPs
-      output:
-        simple: ${QRadar.DestinationIP}
-    - incidentfield: Usernames
-      output:
-        simple: ${QRadar.Username}
-    - incidentfield: High Level Categories
-      output:
-        simple: ${QRadar.HighLevelCategory}
-    - incidentfield: Low Level Categories Events
-      output:
-        simple: ${QRadar.LowLevelCategory}
-    - incidentfield: Event Names
-      output:
-        simple: ${QRadar.QidName}
-    - incidentfield: Start Time
-      output:
-        simple: ${QRadar.StartTime}
     skipunavailable: false
     quietmode: 0
     isoversize: false
     isautoswitchedtoquietmode: false
     continueonerrortype: ""
+    scriptarguments:
+      destinationips:
+        simple: ${QRadar.DestinationIP}
+      eventnames:
+        simple: ${QRadar.QidName}
+      highlevelcategories:
+        simple: ${QRadar.HighLevelCategory}
+      lowlevelcategoriesevents:
+        simple: ${QRadar.LowLevelCategory}
+      sourceips:
+        simple: ${QRadar.SourceIP}
+      starttime:
+        simple: ${QRadar.StartTime}
+      usernames:
+        simple: ${QRadar.Username}
   "43":
     id: "43"
     taskid: 5b1f21a3-d877-4c47-8bfa-2ae86d5f40e4
@@ -684,9 +677,7 @@ tasks:
           transformers:
           - operator: FormattedDateToEpoch
             args:
-              formatter:
-                value:
-                  simple: '%Y-%m-%dT%H:%M:%S.%f+00:00'
+              formatter: {}
           - operator: multiply
             args:
               by:
@@ -733,9 +724,7 @@ tasks:
           transformers:
           - operator: FormattedDateToEpoch
             args:
-              formatter:
-                value:
-                  simple: '%Y-%m-%dT%H:%M:%S.%f+00:00'
+              formatter: {}
     separatecontext: false
     continueonerrortype: ""
     view: |-

diff --git a/Packs/QRadar/ReleaseNotes/2_5_12.md b/Packs/QRadar/ReleaseNotes/2_5_12.md
@@ -0,0 +1,8 @@
+
+#### Playbooks
+
+##### QRadar - Get Offense Logs
+
+- Fixed an issue where the playbook failed due to a hardcoded time format in the **FormattedDateToEpoch** transformer.  
+- Fixed a warning in the final task by ensuring the **setIncidents** command includes the required arguments.
+
diff --git a/Packs/QRadar/pack_metadata.json b/Packs/QRadar/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "IBM QRadar",
     "description": "Fetch offenses as incidents and search QRadar",
     "support": "xsoar",
-    "currentVersion": "2.5.11",
+    "currentVersion": "2.5.12",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",