IBM QRadar External Alerts

Elastic Detection Rules

Summary
Generates an Elastic detection alert for each IBM QRadar offense written to the configured indices, so analysts can investigate QRadar offenses directly in the Elastic Security app with the full offense context (rule name, severity, status, contributing events, and log sources). The rule reads offenses ingested by the IBM QRadar integration from the logs-ibm_qradar.offense-* index pattern and triggers on events matching event.kind: alert and data_stream.dataset: ibm_qradar.offense, using event.ingested as the timestamp field. It assigns a default risk score of 47 and maps QRadar offense severity to Elastic risk scores (low=21, medium=47, high=73, critical=99). The rule runs at a 1-minute interval and can generate up to 1000 signals per run. The setup notes warn of potential duplicate alerts when the rule is used alongside the External Alerts promotion rule and advise configuring an exception for data_stream.dataset:ibm_qradar.offense to avoid them. The rule also provides triage guidance and remediation steps for investigating QRadar offenses quickly and thoroughly.
Categories
  • Network
  • Application
Data Sources
  • Application Log
Created: 2026-03-17