Maybe you can start of with something similiar and update sets through powershell:
Import-Module -Name PsIni
$path = 'C:\test\config.ini'
$ini = Get-IniContent -FilePath $path
$ip = $ini['SIEM']['IP']
$key = $ini['SIEM']['KEY']
$DefineRefSet = "DEMO_IP"
$myheads = @{'SEC' = $key }
$mylist = Get-Content c:\test\mylist.txt
ForEach($value in $mylist) {
$url1 = "https://$ip/api/reference_data/sets/$DefineRefSet"
$url2 = "?value=$value"
$completeurl = $url1+$url2
$json_data = Invoke-RestMethod -Uri $completeurl -Headers $myheads -Method Post
}
/T
------------------------------
Tobias Söderberg
------------------------------
Original Message:
Sent: Mon December 06, 2021 02:34 PM
From: Michael Thompson
Subject: Updating Reference Sets Using API
Hello,
Looking to automate updating reference sets using the API, but according to the interactive API this is DEPRECATED:
POST - /reference_data/sets - DEPRECATED.
My question is does anyone know an alternate solution to automate updating an individual reference set using the Qradar API?
------------------------------
MT
------------------------------