IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Filter AQL with domain id

    Posted Wed June 19, 2019 11:22 AM
    Our plugin allows user to enter an AQL query, and we call QRadar API to execute the query.

    Now we want to limit the search to certain domain. What is the best way to do it please?
    Do we need to parse the AQL and then add the domain filter into the WHERE clause?
    Is there an API parameter for domain filtering?

    Thanks,

    ------------------------------
    Yongjian Feng
    ------------------------------


  • 2.  RE: Filter AQL with domain id

    Posted Wed June 19, 2019 03:41 PM
    It depends :)

    - How does do you app authorize itself ? If you generate a token as a user, and if your app uses that token, then the app will only see the domains that that use can see. You don't need to modify the AQL

    - If you app uses an admin token, i.e. can see all domains, then yes, you'd need to add domainid to the where clause..

    ------------------------------
    Christopher Meenan
    ------------------------------

    Original Message


Related Content