IBM QRadar

  • 1.  QRadar API encoding changed after upgrade to UP7

    Posted Tue October 24, 2023 08:21 AM

    Hello everyone, my team and I have upgraded QRadar from version 7.5.0 UP3 to 7.5.0 UP7 IF1; since then, our SOC is encountering some problems when retrieving offense data through a script that queries the API.

    Specifically, they reported that the URL encoding when passing parameters to fetch offenses changed. They were able to develop a partial fix for their script, but they are also still working on a fix to fetch the underlying events of the offenses.

    We were not able to find any info related to this in the changelogs, nor were we able to verify their claim since the scripts that we use to query the API never encountered any issues.

    Did anyone have these kinds of problems? How did you solve it?



    ------------------------------
    Enrico Cavicchini
    ------------------------------


  • 2.  RE: QRadar API encoding changed after upgrade to UP7

    Posted Wed October 25, 2023 09:35 AM

    I'm not aware of any encoding changes, but there was an update to add a new permission, which is called "Read-only" option to the API in QRadar 7.5.0 UP7. This was applied to several endpoints for log sources and offenses to allow a view option to scripts and other tools to only GET data from the endpoints.

    There is info about this change here, but if you have specific questions, let us know. 
    https://www.ibm.com/docs/en/qsip/7.5?topic=new-qradar 



    ------------------------------
    Jonathan Pechta
    QRadar Support Content Lead
    Support forums: ibm.biz/qradarforums
    jonathan.pechta1@ibm.com
    ------------------------------



  • 3.  RE: QRadar API encoding changed after upgrade to UP7

    Posted Wed October 25, 2023 10:01 AM

    I might have found out what was causing the issue: we audited the API requests on the console and found out that the query filter before the upgrade was not URL encoded. Not sure how they were able to send the requests before, but after URL encoding everything seems to be working as expected.



    ------------------------------
    Enrico Cavicchini
    ------------------------------
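
The fix described in the last post, as an added example that is not part of the original thread or IBM's own code: it builds an offenses request with a percent-encoded `filter` and audits request URLs for parameters that were sent raw. The console host name and filter expression are constructed, and the `/api/siem/offenses` path with its `filter` and `fields` parameters is assumed from the QRadar REST API.

```python
import re
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Characters RFC 3986 does not allow unescaped inside a query string.
_ILLEGAL_IN_QUERY = re.compile(r'[ "<>\\^`{|}]')
# A '%' that is not followed by two hex digits is a broken escape.
_BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")


def build_offenses_url(console, filter_expr, fields=None):
    """Return an offenses URL with every parameter value percent-encoded."""
    params = {"filter": filter_expr}
    if fields:
        params["fields"] = fields
    # quote_via=quote encodes spaces as %20 instead of '+'.
    query = urlencode(params, quote_via=quote)
    return f"https://{console}/api/siem/offenses?{query}"


def unencoded_params(url):
    """Audit helper: names of query parameters that carry raw characters."""
    flagged = []
    for pair in urlsplit(url).query.split("&"):
        name, _, value = pair.partition("=")
        if _ILLEGAL_IN_QUERY.search(value) or _BAD_ESCAPE.search(value):
            flagged.append(name)
    return flagged


# Constructed sample values (placeholder host, illustrative filter).
CONSOLE = "qradar.example.test"
FILTER = 'status = "OPEN" and severity > 5'

# What a script sends when it concatenates the filter without encoding it.
RAW_URL = f"https://{CONSOLE}/api/siem/offenses?filter={FILTER}"
# The same request with the filter encoded.
SAFE_URL = build_offenses_url(CONSOLE, FILTER, fields="id,description")

if __name__ == "__main__":
    print("raw :", RAW_URL, "->", unencoded_params(RAW_URL))
    print("safe:", SAFE_URL, "->", unencoded_params(SAFE_URL))
    # Decoding the encoded query returns the original filter unchanged.
    print(parse_qs(urlsplit(SAFE_URL).query)["filter"][0] == FILTER)
```

Running `unencoded_params` over the request URLs a script generates shows which calls still depend on the server tolerating a raw filter.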