IBM Security QRadar

  • 1.  Import Asset from CSV using python script via API

    Posted Mon October 18, 2021 09:38 AM
    I am looking for a way to import Assets into QRadar regularly. The existing CSV import from the WebUI only supports 4 fields: IP, name, weight, description.

    I found a very old script on GitHub that can import other fields via the API, but I can't get it to work since it is based on Python 2. Do you have a more updated script that can do a similar function? I am looking for a way to import asset information with the Owner, Technical Contact and custom field.


    data-import/assets at master · ibm-security-intelligence/data-import
    A simple utility to load a CSV file with asset information into the QRadar asset model based on IP address (which must exist in QRadar). The first column of the first line of the file must be 'ipaddress'. The remaining columns of the file must contain field name headers that match the asset properties being loaded.


    ------------------------------
    Raymond Tam
    ------------------------------


  • 2.  RE: Import Asset from CSV using python script via API

    IBM Champion
    Posted Tue October 19, 2021 04:52 AM
    Hello Raymond,

    As you have already noticed, only these 4 fields are supported.
    Maintaining asset information is a bit more complex. But the context information you mentioned can be wonderfully maintained and updated via the API.
    Depending on the skill, the API can be addressed via Python or alternatively with PowerShell. In order to update an asset with additional context, the respective asset id is addressed and the corresponding fields and values are transferred.

    Perhaps the following video by Jose Bravo on the subject of 'qradar api 101' will help you.
    https://www.youtube.com/watch?v=swGI5QWB29g

    Best Regards,
    Ralph

    ------------------------------
    Ralph Belfiore
    SIEM Expert
    pro4bizz GmbH
    Karlsruhe
    +4972190981727
    ------------------------------
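Added example, not part of any post in this thread and not the code of the GitHub script linked above: a Python 3 sketch of the planning step for the update described in the reply above, matching CSV rows to asset ids by IP and turning column headers into property type ids. It assumes the JSON shapes returned by `GET /api/asset_model/assets` and `GET /api/asset_model/properties`, and that each planned body is then sent with `POST /api/asset_model/assets/{asset_id}`; the sample ids, names and addresses are constructed.

```python
import csv
import io

def index_assets_by_ip(assets):
    """Map each IP address to the set of asset ids that carry it."""
    index = {}
    for asset in assets:
        for iface in asset.get("interfaces", []):
            for addr in iface.get("ip_addresses", []):
                index.setdefault(addr["value"], set()).add(asset["id"])
    return index

def plan_updates(csv_text, assets, property_types):
    """Return (updates, skipped); updates are (asset_id, request_body) pairs."""
    type_ids = {p["name"]: p["id"] for p in property_types}
    by_ip = index_assets_by_ip(assets)
    reader = csv.DictReader(io.StringIO(csv_text))
    if not reader.fieldnames or reader.fieldnames[0] != "ipaddress":
        raise ValueError("first column must be 'ipaddress'")
    # Fail loudly on a misspelled header instead of silently dropping a column.
    unknown = [c for c in reader.fieldnames[1:] if c not in type_ids]
    if unknown:
        raise ValueError(f"no asset property named: {unknown}")
    updates, skipped = [], []
    for row in reader:
        ip = row["ipaddress"].strip()
        ids = by_ip.get(ip, set())
        if len(ids) != 1:
            # Unknown IP, or an IP shared by several assets: never guess a target.
            skipped.append((ip, "ambiguous" if ids else "not found"))
            continue
        props = [{"type_id": type_ids[c], "value": row[c].strip()}
                 for c in reader.fieldnames[1:] if (row[c] or "").strip()]
        if props:
            updates.append((next(iter(ids)), {"properties": props}))
    return updates, skipped

# Constructed sample data standing in for the two GET responses and the CSV file.
SAMPLE_TYPES = [{"id": 1001, "name": "Technical Owner"},
                {"id": 1002, "name": "Technical Contact"}]
SAMPLE_ASSETS = [
    {"id": 7, "interfaces": [{"ip_addresses": [{"value": "10.0.0.5"}]}]},
    {"id": 8, "interfaces": [{"ip_addresses": [{"value": "10.0.0.9"}]}]},
    {"id": 9, "interfaces": [{"ip_addresses": [{"value": "10.0.0.9"}]}]},
]
SAMPLE_CSV = ("ipaddress,Technical Owner,Technical Contact\n"
              "10.0.0.5,R. Tam,noc@example.org\n10.0.0.9,Ops,\n10.0.0.77,Lab,\n")

if __name__ == "__main__":
    print(plan_updates(SAMPLE_CSV, SAMPLE_ASSETS, SAMPLE_TYPES))
```

Reviewing the `skipped` list before any request is sent keeps a bulk import from writing owner or contact data onto the wrong asset.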



  • 3.  RE: Import Asset from CSV using python script via API

    IBM Champion
    Posted Tue October 19, 2021 06:56 AM
    I would be surprised if the old script is capable of more than the API.  Myself and others have had discussions about interfacing with the asset tables in QR.  I would like to write an app to handle that import/export better.  QRadar does handle multihomed assets for instance, but the API for assets does not work for them at all.

    A better way to import assets is via vulnerability scanners. Perhaps emulating the output from a scanner like Tenable Security Center, Nessus or Qualys would be better. Certainly more fields to play with.

    ------------------------------
    Frank Eargle
    ------------------------------



  • 4.  RE: Import Asset from CSV using python script via API

    Posted Wed October 20, 2021 04:03 AM
    There was also recently a User Group where they presented an App "2021 08 18 - Deep Dive - IBM QRadar CMDB Integration App" for that, but I was not able to find the App. https://ibm.ent.box.com/v/QRadar-User-Group/folder/139167604467

    ------------------------------
    Martin Schmitt
    ------------------------------



  • 5.  RE: Import Asset from CSV using python script via API

    Posted Wed October 20, 2021 02:52 PM
    Thank you for all the information and suggestions. I will review all the options to see if I can get a better idea. If you have a new update, please feel free to share again.

    ------------------------------
    Raymond Tam
    ------------------------------



  • 6.  RE: Import Asset from CSV using python script via API

    Posted Wed October 20, 2021 05:32 PM
    I watched the entire QRadar CMDB Integration App user group recording. They never mention where to get a copy of the app. I guess we are both facing the same issue. If anyone knows where we can get a copy of the app, please share.

    ------------------------------
    Raymond Tam
    ------------------------------