IBM Security QRadar

  • 1.  Updating Reference Sets Using API

    Posted Mon December 06, 2021 03:24 PM
    Hello,

    Looking to automate updating reference sets using the API, but according to the interactive API this is DEPRECATED:
    POST - /reference_data/sets - DEPRECATED. 

    My question is: does anyone know of an alternate solution to automate updating an individual reference set using the QRadar API?






    ------------------------------
    MT
    ------------------------------


  • 2.  RE: Updating Reference Sets Using API

    Posted Tue December 07, 2021 08:58 AM
    Maybe you can start off with something similar and update sets through PowerShell:

    Import-Module -Name PsIni

    # Read the QRadar console address and API token from the INI file
    $path = 'C:\test\config.ini'
    $ini = Get-IniContent -FilePath $path
    $ip = $ini['SIEM']['IP']
    $key = $ini['SIEM']['KEY']
    $DefineRefSet = "DEMO_IP"
    # The API token is sent in the SEC request header
    $myheads = @{'SEC' = $key }

    # Input file: one value per line
    $mylist = Get-Content c:\test\mylist.txt

    # POST each value to the reference set, one request per value
    ForEach($value in $mylist) {
        $url1 = "https://$ip/api/reference_data/sets/$DefineRefSet"
        $url2 = "?value=$value"
        $completeurl = $url1+$url2

        $json_data = Invoke-RestMethod -Uri $completeurl -Headers $myheads -Method Post
    }


    /T

    ------------------------------
    Tobias Söderberg
    ------------------------------
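
A more defensive variant of the loop in the post above, as an added example that is not part of the thread: it drops blank lines, duplicates and anything that is not a well-formed IP address before calling the same `/reference_data/sets` endpoint (the one this thread describes as deprecated), URL-encodes each value, and records failed calls. The file paths, the `DEMO_IP` set and the `SEC` header come from that post; the helper name `Get-ValidIp` and the `#` comment convention for the list file are assumptions.

```powershell
# Added example (not from the thread): validate entries before loading them.
# Paths, the DEMO_IP set and the SEC header are taken from the post above.
Import-Module -Name PsIni

$ini    = Get-IniContent -FilePath 'C:\test\config.ini'
$ip     = $ini['SIEM']['IP']
$heads  = @{ 'SEC' = $ini['SIEM']['KEY'] }
$refSet = 'DEMO_IP'
$base   = "https://$ip/api/reference_data/sets/$([uri]::EscapeDataString($refSet))"

# Hypothetical helper: returns unique, well-formed IP addresses from raw lines.
function Get-ValidIp {
    param([string[]]$Lines)
    $seen = New-Object 'System.Collections.Generic.HashSet[string]'
    foreach ($line in $Lines) {
        $candidate = "$line".Trim()
        # Assumed list-file convention: blank lines and '#' comments are ignored.
        if (-not $candidate -or $candidate.StartsWith('#')) { continue }
        $parsed = $null
        $ok = [System.Net.IPAddress]::TryParse($candidate, [ref]$parsed)
        # TryParse accepts short IPv4 forms such as "1" (read as 0.0.0.1);
        # require the dotted-quad text to round-trip unchanged.
        if ($ok -and $parsed.AddressFamily -eq 'InterNetwork' -and
            $parsed.ToString() -ne $candidate) { $ok = $false }
        if (-not $ok) {
            Write-Warning "Skipping non-IP entry: $candidate"
            continue
        }
        # HashSet.Add returns $false for a duplicate, so each address is emitted once.
        if ($seen.Add($parsed.ToString())) { $parsed.ToString() }
    }
}

$failed = @()
foreach ($value in Get-ValidIp -Lines (Get-Content 'C:\test\mylist.txt')) {
    $url = '{0}?value={1}' -f $base, [uri]::EscapeDataString($value)
    try {
        Invoke-RestMethod -Uri $url -Headers $heads -Method Post -ErrorAction Stop | Out-Null
    } catch {
        # Keep going on a failed call, but remember which value did not load.
        $failed += $value
        Write-Warning "Failed to add ${value}: $($_.Exception.Message)"
    }
}
Write-Output "Entries that failed to load: $($failed.Count)"
```
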



  • 3.  RE: Updating Reference Sets Using API

    Posted Tue December 07, 2021 12:49 PM

    Hi Michael,

    The original /reference_data/sets endpoints have been deprecated and will likely be removed eventually, but we've added the /reference_data_collections/sets endpoints to replace them. This is the beginning of a "v2" suite of improved APIs for managing reference data.

    Cheers
    Colin



    ------------------------------
    COLIN HAY
    IBM Security
    ------------------------------