From the /api/siem/offenses you can get the closing reason ID, from the /api/siem/offense_closing_reasons, you can see the actual reason, so you might want your script cros referencing that data.
Moises M
------------------------------
Moises Monge
------------------------------
Original Message:
Sent: Thu August 19, 2021 11:07 AM
From: Josh Vasquez
Subject: Creating Report with API
I'm trying to create a custom report via the api but I'm running into a issue. I'm not sure how to pull the closing reason and add it to the json file.
Here is what I'm currently using to pull the data: curl -S -X GET -u username -H 'Range: items=0-49' -H 'Version: 15.1' -H 'Accept: application/json' 'https://qradar.blaa.com/api/siem/offenses?fields=id%2Cclosing_user%2Cdescription%2Cmagnitude'
Any help would be appreciated.
------------------------------
Josh Vasquez
------------------------------