ok I'll try it again.
Original Message:
Sent: Mon June 05, 2023 09:29 AM
From: Dusan VIDOVIC
Subject: QRadar data into PowerBi
I tried it in my lab (though quite some time ago) and it worked.
------------------------------
Dusan VIDOVIC
Original Message:
Sent: Mon June 05, 2023 07:29 AM
From: osama ahmed
Subject: QRadar data into PowerBi
Hi Dusan,
Thanks for your response.
i saw this excel and configure it with my qradar but it didn't give me any results, are you use it before?.
------------------------------
osama ahmed
Original Message:
Sent: Mon June 05, 2023 03:55 AM
From: Dusan VIDOVIC
Subject: QRadar data into PowerBi
Not sure if you've seen this already and if it could help - quite a while ago an example how to use the AQL and pull the data from QRadar into an Excel workbook was posted on github < https://github.com/ibm-security-intelligence/visualizations/tree/master/excel >
------------------------------
Dusan VIDOVIC
Original Message:
Sent: Fri June 02, 2023 01:35 PM
From: osama ahmed
Subject: QRadar data into PowerBi
Hi carols,
Thanks for your response.
------------------------------
osama ahmed
Original Message:
Sent: Fri June 02, 2023 12:48 PM
From: Carlos Medina
Subject: QRadar data into PowerBi
Hi, there is no native way to do this but there are several workarounds using the API.
The Qradar API allows you to extract offenses, log sources (quantity/status), domains, tennats, rules (use case manager app) and most importantly, perform searches based on AQL which gives you the freedom to do whatever you like.
To implement this you need a API token in authorized services.
A possible flow would be something similar to this
Step 1: Definition of what information do you need?
Step 2: Determine how to extract them, example:
a- If you need offenses you just have to go to /siem/offenses and you can also use filters like ?filter=status%3Dopen
b- If you need to create a search you must enter the AQL in /ariel/searches and then get the results in /ariel/searches/id
Step 3: Store the data in a database
Step 4: Plot the data with PowerBi
A few months ago I made this post where I explain the possibilities a bit more using python but unfortunately for privacy reasons I had to remove the script from github. But the idea is there and I think it can guide to achieve the purpose.
https://community.ibm.com/community/user/security/discussion/python-script-to-save-offenses-to-csvdb-file-and-monitoring-for-new-ones-for-data-analytics#bma4308591-f4dd-4e7c-930e-f9f3cd592b27
------------------------------
Carlos Medina
Original Message:
Sent: Tue May 30, 2023 05:56 AM
From: osama ahmed
Subject: QRadar data into PowerBi
Hi All,
Has anyone fed data from QRadar into MS Powerbi to display a dashboard for executive eyes? (clean and simple),is there any integration method?!
------------------------------
osama ahmed
------------------------------