IBM Support

"Offense with id xxxx not found" when trying to escalate an offense to SOAR

Troubleshooting


Problem

A nonadmin user in QRadar might see "Offense with id xxxx not found" appear when manually escalate an offense to IBM QRadar SOAR. The incident is not created.

Symptom

The user sees a pop-up in the QRadar console, "Offense with id xxxx not found."
Looking at the plug-in's app.log the following is seen.
2022-06-24 12:26:27,509 [Thread-11698] [ERROR] [APP_ID:1401] [NOT:0000003000] GET api/config/domain_management/domains/0 failed. Endpoint returned [404].
2022-06-24 12:28:13,534 [Thread-11702] [INFO] [APP_ID:1401] [NOT:0000006000] endpoint is config.get_escalate_button_data
Using the QRadar Interactive API, queries to the /domain_management/0 end point fail for nonadmin users but work for users with an admin security profile.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSA230","label":"IBM Security QRadar SOAR"},"ARM Category":[{"code":"a8m0z0000001gyGAAQ","label":"Integrations-\u003EQRadar app"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"},{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSEGM63","label":"IBM Security QRadar SOAR on Cloud"},"ARM Category":[{"code":"a8m0z0000001gyGAAQ","label":"Integrations-\u003EQRadar app"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"},{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSTDPP","label":"IBM Cloud Pak for Security"},"ARM Category":[{"code":"a8m0z0000001h8pAAA","label":"Cases"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Log InLog in to view more of this document

This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.

Document Information

Modified date:
13 July 2022

UID

ibm16601557

Page Feedback