IBM QRadar

I'm trying to create a custom report via the api  but I'm running into a issue. I'm  not sure how to pull the closing reason and add it to the json file.

Here is what I'm currently using to pull the data: curl -S -X GET -u username -H 'Range: items=0-49' -H 'Version: 15.1' -H 'Accept: application/json' 'https://qradar.blaa.com/api/siem/offenses?fields=id%2Cclosing_user%2Cdescription%2Cmagnitude'

Any help would be appreciated.

------------------------------
Josh Vasquez
------------------------------

From the /api/siem/offenses you can get the closing reason ID, from the /api/siem/offense_closing_reasons, you can see the actual reason, so you might want your script cros referencing that data.


Moises M

------------------------------
Moises Monge
------------------------------

Original Message:
Sent: Thu August 19, 2021 11:07 AM
From: Josh Vasquez
Subject: Creating Report with API

I'm trying to create a custom report via the api  but I'm running into a issue. I'm  not sure how to pull the closing reason and add it to the json file.

Here is what I'm currently using to pull the data: curl -S -X GET -u username -H 'Range: items=0-49' -H 'Version: 15.1' -H 'Accept: application/json' 'https://qradar.blaa.com/api/siem/offenses?fields=id%2Cclosing_user%2Cdescription%2Cmagnitude'

Any help would be appreciated.

------------------------------
Josh Vasquez
------------------------------

Ah ok I see now I just need to figure out how to script it... Thanks for the info!

------------------------------
Josh Vasquez
------------------------------

Original Message:
Sent: Fri August 20, 2021 09:42 AM
From: Moises Monge
Subject: Creating Report with API

From the /api/siem/offenses you can get the closing reason ID, from the /api/siem/offense_closing_reasons, you can see the actual reason, so you might want your script cros referencing that data.


Moises M

------------------------------
Moises Monge

Original Message:
Sent: Thu August 19, 2021 11:07 AM
From: Josh Vasquez
Subject: Creating Report with API

I'm trying to create a custom report via the api  but I'm running into a issue. I'm  not sure how to pull the closing reason and add it to the json file.

Here is what I'm currently using to pull the data: curl -S -X GET -u username -H 'Range: items=0-49' -H 'Version: 15.1' -H 'Accept: application/json' 'https://qradar.blaa.com/api/siem/offenses?fields=id%2Cclosing_user%2Cdescription%2Cmagnitude'

Any help would be appreciated.

------------------------------
Josh Vasquez
------------------------------

Cool!

------------------------------
Moises Monge
------------------------------

Original Message:
Sent: Fri August 20, 2021 10:26 AM
From: Josh Vasquez
Subject: Creating Report with API

Ah ok I see now I just need to figure out how to script it... Thanks for the info!

------------------------------
Josh Vasquez

Original Message:
Sent: Fri August 20, 2021 09:42 AM
From: Moises Monge
Subject: Creating Report with API

From the /api/siem/offenses you can get the closing reason ID, from the /api/siem/offense_closing_reasons, you can see the actual reason, so you might want your script cros referencing that data.


Moises M

------------------------------
Moises Monge

Original Message:
Sent: Thu August 19, 2021 11:07 AM
From: Josh Vasquez
Subject: Creating Report with API

I'm trying to create a custom report via the api  but I'm running into a issue. I'm  not sure how to pull the closing reason and add it to the json file.

Here is what I'm currently using to pull the data: curl -S -X GET -u username -H 'Range: items=0-49' -H 'Version: 15.1' -H 'Accept: application/json' 'https://qradar.blaa.com/api/siem/offenses?fields=id%2Cclosing_user%2Cdescription%2Cmagnitude'

Any help would be appreciated.

------------------------------
Josh Vasquez
------------------------------