QRadar XDR

  • 1.  Creating Report with API

    Posted Thu August 19, 2021 02:02 PM
    I'm trying to create a custom report via the api  but I'm running into a issue. I'm  not sure how to pull the closing reason and add it to the json file.

    Here is what I'm currently using to pull the data: curl -S -X GET -u username -H 'Range: items=0-49' -H 'Version: 15.1' -H 'Accept: application/json' 'https://qradar.blaa.com/api/siem/offenses?fields=id%2Cclosing_user%2Cdescription%2Cmagnitude'

    Any help would be appreciated.


    ------------------------------
    Josh Vasquez
    ------------------------------


  • 2.  RE: Creating Report with API

    Posted Fri August 20, 2021 10:19 AM
    From the /api/siem/offenses you can get the closing reason ID, from the /api/siem/offense_closing_reasons, you can see the actual reason, so you might want your script cros referencing that data.


    Moises M

    ------------------------------
    Moises Monge
    ------------------------------



  • 3.  RE: Creating Report with API

    Posted Fri August 20, 2021 10:27 AM
    Ah ok I see now I just need to figure out how to script it... Thanks for the info!

    ------------------------------
    Josh Vasquez
    ------------------------------



  • 4.  RE: Creating Report with API

    Posted Fri August 20, 2021 11:49 AM
    Cool!

    ------------------------------
    Moises Monge
    ------------------------------