IBM Security QRadar

 View Only
Expand all | Collapse all

QRadar API for Modifying Event Category and Event ID in a New DSM

  • 1.  QRadar API for Modifying Event Category and Event ID in a New DSM

    Posted Thu May 09, 2024 12:06 PM

    Hello everyone,

    I recently developed a new DSM using the QRadar API (v20) and have successfully configured most of its settings. However, I am encountering challenges with modifying the 'Event Category' and 'Event ID' properties, as I wasn't able to find the relevant API endpoints in the official documentation.

    Has anyone managed to change these specific properties through the API, or can point me to where these endpoints might be documented? Any examples or guidance on how to achieve these modifications would be greatly appreciated.

    Thank you in advance for your help!

    Best regards,



    ------------------------------
    Lucian Constantin
    ------------------------------


  • 2.  RE: QRadar API for Modifying Event Category and Event ID in a New DSM

    Posted Mon May 13, 2024 07:56 AM

    Hello,

    if I understand your problem correctly (you want to modify already existing mappings) you can use method POST
    on the following endpoint:   /data_classification/dsm_event_mappings/{dsm_event_mapping_id}



    ------------------------------
    Peter Wenzl
    ------------------------------

    Original Message


  • 3.  RE: QRadar API for Modifying Event Category and Event ID in a New DSM

    Posted Wed May 22, 2024 03:41 AM

    My issue was updating the default mappings that comes with  a DSM.

    What was sorted by  creating a Log source extension and import it via API.

    This sorted my  problem.



    ------------------------------
    Lucian Constantin
    ------------------------------

    Original Message