Can't retrieve Destination IPs from Qradar #50
Description
Hi,
I can create alert on thehive with the Qradar workflow and add observables.
The problem is, when i watch the code of the Qradar2Alert is calling 2 methods for observable creation getSourceIPs and getDestinationIPs. Those functions catch from Qradar offenses the fields "source_address_ids" for source address and "local_destination_addresses" for destination address.
It work very well for source IPs but often it don't work for destination IPs because this field is empty despite "the remote_destination_count" is not equal to zero.
I've no idea where the destination IPs are stored and how can i catch them.
Someone already encountered this issue or can help me please ?
Thanks.