IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  QRadar API for Modifying Event Category and Event ID in a New DSM

    Posted Thu May 09, 2024 12:06 PM

    Hello everyone,

    I recently developed a new DSM using the QRadar API (v20) and have successfully configured most of its settings. However, I am encountering challenges with modifying the 'Event Category' and 'Event ID' properties, as I wasn't able to find the relevant API endpoints in the official documentation.

    Has anyone managed to change these specific properties through the API, or can point me to where these endpoints might be documented? Any examples or guidance on how to achieve these modifications would be greatly appreciated.

    Thank you in advance for your help!

    Best regards,



    ------------------------------
    Lucian Constantin
    ------------------------------


  • 2.  RE: QRadar API for Modifying Event Category and Event ID in a New DSM

    Posted Mon May 13, 2024 07:56 AM

    Hello,

    if I understand your problem correctly (you want to modify already existing mappings) you can use method POST
    on the following endpoint:   /data_classification/dsm_event_mappings/{dsm_event_mapping_id}



    ------------------------------
    Peter Wenzl
    ------------------------------

    Original Message


  • 3.  RE: QRadar API for Modifying Event Category and Event ID in a New DSM

    Posted Wed May 22, 2024 03:41 AM

    My issue was updating the default mappings that comes with  a DSM.

    What was sorted by  creating a Log source extension and import it via API.

    This sorted my  problem.



    ------------------------------
    Lucian Constantin
    ------------------------------

    Original Message


Related Content