Investigation Assistant tools

You can use the QRadar Investigation Assistant tools for AQL generation, AQL explanation, and offense summarization.

Getting Started

  1. Go to the IBM QRadar Investigation Assistant main page.
  2. Select an existing chat session from the chat history side panel, or start a new chat session.
  3. Describe to the assistant what needs to be done.

    AQL generation

    Ask the assistant to generate AQL queries by describing what you need.

    Format: Generate AQL to <Description of the AQL function>

    Example: Generate AQL to get 100 of my most recent events from today

    AQL explanation

    Ask the assistant to explain existing AQL statements.

    Format: Explain the following AQL: <AQL Statement>

    Example: Explain the following AQL: SELECT * FROM events LIMIT 100

    Offense summarization

    Ask the assistant to summarize specific offenses.

    Format: Summarize offense <offense id>

    Example: Summarize offense 123

Note: For rule summarization, ask the Investigation Assistant to Summarize rule <rule id>. For example: Summarize rule 123. The Rule summarization button is also available from the offense summarization response tile.