Investigation Assistant tools
You can use the QRadar Investigation Assistant tools for AQL generation, AQL explanation, and offense summarization.
Getting Started
- Go to the IBM QRadar Investigation Assistant main page.
- Select an existing chat session from the chat history side panel, or start a new chat session.
- Describe to the assistant what needs to be done.
  - AQL generation
    Ask the assistant to generate AQL queries by describing what you need.
    Format:
    Generate AQL to <Description of the AQL function>
    Example:
    Generate AQL to get 100 of my most recent events from today
  - AQL explanation
    Ask the assistant to explain existing AQL statements.
    Format:
    Explain the following AQL: <AQL Statement>
    Example:
    Explain the following AQL: SELECT * FROM events LIMIT 100
  - Offense summarization
    Ask the assistant to summarize specific offenses.
    Format:
    Summarize offense <offense id>
    Example:
    Summarize offense 123
Note: For Rule summarization, ask the Investigation Assistant to Summarize rule <rule id>. For example: Summarize rule 123. The Rule summarization button is also available from the offense summarization response tile.