Searching the QRadar Ariel database

The Ariel search option is a custom action that SOAR users can run to search the QRadar® Ariel database for any artifact value from within SOAR. The search results are attached to the case as a .csv formatted attachment.

Before you begin

To run an Ariel search, you must enable the Enable SOAR users to search the Ariel databases from a Case checkbox on the Preferences tab in the QRadar SOAR Plug-in app configuration settings.

Procedure

  1. In SOAR, on the Artifacts tab, click the action menu of the artifact that you want to query and select QRadar Ariel Query for <message destination>.
  2. Select the type of Ariel query that you want to run.

    The search results are added as a .csv file on the Attachments tab.