not sure what you are looking for.
API documentation in admin GUI will show your individual URI for your GET and POST commands as well as the "base" URI.
CLI sample output:
[root@localhost ~]# curl -s -X GET -u admin -H 'Version: 12.0' -H 'Accept: application/json' 'https://192.168.1.80/api/siem/offenses/100'
Enter host password for user 'admin':
{"username_count":1,"description":"Suspicious Activity Followed by Endpoint Administration task\n preceded by Recovery Disabled in Boot Options\n containing Success Audit: A new process has been created\n","rules":[{"id":106322,"type":"CRE_RULE"},{"id":103322,"type":"CRE_RULE"}],"event_count":21,"flow_count":0,"assigned_to":null,"security_category_count":2,"follow_up":false,"source_address_ids":[343],"source_count":1,"inactive":false,"protected":false,"closing_user":null,"destination_networks":["Net-10-172-192.Net_192_168_0_0"],"source_network":"Net-10-172-192.Net_192_168_0_0","category_count":2,"close_time":null,"remote_destination_count":0,"start_time":1630523087016,"magnitude":5,"last_updated_time":1630523088523,"credibility":3,"id":100,"categories":["Process Creation Success","Suspicious Activity"],"severity":8,"policy_category_count":0,"log_sources":[{"type_name":"EventCRE","type_id":18,"name":"Custom Rule Engine-8 :: localhost","id":63},{"type_name":"WindowsAuthServer","type_id":12,"name":"windows106","id":412}],"closing_reason_id":null,"device_count":2,"offense_type":51,"relevance":4,"domain_id":0,"offense_source":"ADNB-SD","local_destination_address_ids":[10],"local_destination_count":1,"status":"OPEN"}[root@localhost ~]#
In this case password is entered interactively on the host itself. When your request is issued by script, you need to supply an auth token using the -H parameter, see sample offense script below
#!/bin/bash
console_ip=$1
api_token=$2
offense_id=$3
auth_header="SEC:$api_token"
output=$(curl -k -H $auth_header
https://$console_ip/console/restapi/api/siem/offenses/$offense_id)# Basic print out of the output of the command
echo $output
Of course you can use hostnames instead of IP addresses if your local DNS is setup.
hope this helps
------------------------------
[Karl] [Jaeger] [Business Partner]
[QRadar Specialist]
[pro4bizz]
[Karlsruhe] [Germany]
[4972190981722]
------------------------------
Original Message:
Sent: Wed August 25, 2021 03:47 AM
From: Le Hieu
Subject: How to determine QRadar API base URI?
Hi all. Can some one guide me how to determine QRadar API base URI?
Thanks so much!
------------------------------
Le Hieu
------------------------------