IBM QRadar

  • 1.  REST API filter for description field

    Posted Wed July 01, 2020 01:50 AM
    Hi 

    I want to use the REST API to filter on the description field in the offense data, but I keep getting an error message.

    For example, when I do
    description="XXXXX" I get the following error:
    An error occurred while the offense list was being retrieved.
    Filtering is unsupported on the field: description

    If I do
    description=xxxxx* I get the following error:

    The filter parameter is not valid
    A filter parameter was invalid. Please make sure that the syntax is correct: Error Parsing filter

    Does anyone have any suggestions regarding what syntax I should use when filtering the description field?

    Regards


    ------------------------------
    Linsong Guo
    ------------------------------


  • 2.  RE: REST API filter for description field

    Posted Thu July 02, 2020 10:23 AM
    Just guessing here, but how about description ilike "xxxxx%" for case insensitive comparison. I am assuming description is a character field. I haven't messed with offenses in the API.



    ------------------------------
    Daniel Sichel
    ------------------------------



  • 3.  RE: REST API filter for description field

    Posted Thu July 02, 2020 10:56 PM
    Hi Daniel

    Thank you for your reply, but it throws the error message: Filtering is unsupported on the field: description

    Does this mean the description field does not support any filter?

    Regards
    Linsong






  • 4.  RE: REST API filter for description field

    Posted Fri July 03, 2020 01:18 PM
    Hi Linsong Guo, indeed, the description field is not filterable / sortable.


    ------------------------------
    Juan Ignacio Leon Plaza
    Security Expert Labs Specialist
    IBM
    Santiago
    ------------------------------



  • 5.  RE: REST API filter for description field

    Posted Mon July 06, 2020 02:01 PM
    It looks like your best bet would be to launch the query from a Python script and then filter the results programmatically.


    ------------------------------
    Daniel Sichel
    ------------------------------



  • 6.  RE: REST API filter for description field

    Posted Thu July 02, 2020 10:28 AM

    Hi Linsong Guo,
    Take a look at the api_doc of your QRadar deployment. You will see a list of the available fields and also a description indicating whether each field can be filtered or sorted. You will note that the description field is neither filterable nor sortable (API version: 13.1).

    • id - Number - The ID of the offense. (Filterable. Sortable.)
    • description - String - The description of the offense.
    • assigned_to - String - The user the offense is assigned to. (Filterable. Sortable.)


    Greetings,

    Juan Ignacio León.



    ------------------------------
    Juan Ignacio Leon Plaza
    ------------------------------
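The approach suggested in reply 5, sketched as an added example (not code from any poster or from IBM): page through the offense list, pass only Filterable fields to the server-side `filter` parameter, and match `description` locally with a case-insensitive wildcard. The `/api/siem/offenses` path, the `SEC`, `Version` and `Range` headers, the page size, and the function names are assumptions of this example.

```python
import fnmatch
import json
import urllib.parse
import urllib.request

PAGE_SIZE = 50  # assumption: page size chosen for this example


def fetch_page(base_url, token, start, server_filter=None):
    """GET one page of offenses; paging is requested through the Range header."""
    params = {"fields": "id,description,assigned_to"}
    if server_filter:  # only fields listed as Filterable, e.g. id or assigned_to
        params["filter"] = server_filter
    req = urllib.request.Request(
        f"{base_url}/api/siem/offenses?{urllib.parse.urlencode(params)}",
        headers={
            "SEC": token,  # authorized service token; keep it out of source control
            "Version": "13.1",  # API version named in the thread
            "Accept": "application/json",
            "Range": f"items={start}-{start + PAGE_SIZE - 1}",
        },
    )
    with urllib.request.urlopen(req) as resp:  # TLS verification stays enabled
        return json.load(resp)


def description_matches(description, pattern):
    """Case-insensitive wildcard match ('*', '?') on whitespace-normalized text."""
    text = " ".join((description or "").split()).lower()
    return fnmatch.fnmatchcase(text, pattern.lower())


def filter_by_description(offenses, pattern):
    return [o for o in offenses if description_matches(o.get("description"), pattern)]


def search_offenses(pattern, get_page, server_filter=None):
    """Walk every page via get_page(start, server_filter) and filter locally."""
    hits, start = [], 0
    while True:
        page = get_page(start, server_filter)
        hits.extend(filter_by_description(page, pattern))
        if len(page) < PAGE_SIZE:  # assumption: a range past the end returns []
            return hits
        start += PAGE_SIZE
```

Against a live deployment, call it as `search_offenses("xxxxx*", lambda s, f: fetch_page(base_url, token, s, f))`, where `base_url` and `token` are placeholders for your console URL and token.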