AQL query to select by rule group

I am looking for a method to be able to query QRadar for events which matched any rule from a rule group.

I found only matching on an exact rule and partial matching of rules.


Does anyone know if and how it might be achieved?

  • HasanGenc
    Re: AQL query to select by rule group



    This case is not resolved or searched according to the AQL documentation. However, I have been looking for this property searching and any group offense count on a daily basis for reporting over QRadar.

    I would be glad if there is any way or solution and it is shared with us. Thanks in advance.