Skip to main content

Hello,
I have a QRadar connector configured on my SOAR instance, it is working fine, the logs arrive correctly and cases are being generated.
The issue is that in QRadar there are some Custom Fields that are not ingested correctly.

I do have configured the custom fields on the connector page like this:

The fact is that I get the Filename and Request field, but I got some issue on the "SHA 256" field, I think the problem is the space present in the custom field.

How do the SOAR translate the space? Do I have to write SHA_256 or something like this?

Thanks in advance!

Hey @Lun ,

The way this connector fetches data is by building an AQL query. I would suggest to check, how you need to provide custom fields with whitespace inside Qradar first. It's been a while since I worked on Qradar, but maybe 'SHA 256' input with quotes will be the one needed. Though, there maybe a need to do escaping as well. 

Hey @Lun ,

The way this connector fetches data is by building an AQL query. I would suggest to check, how you need to provide custom fields with whitespace inside Qradar first. It's been a while since I worked on Qradar, but maybe 'SHA 256' input with quotes will be the one needed. Though, there maybe a need to do escaping as well. 


Thanks @ylandovskyy!
I checked the connector details, I found the Query that the connector launches on Qradar and I saw that the custom field is automatically put between double quotes, so my configuration was right! but SOAR decided to hide the custom field I configured.

All's well that ends well!

Reply


Terms & ConditionsCookie settings
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.