IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

Save search results from the API and show them on GUI

  • 1.  Save search results from the API and show them on GUI

    Posted Thu December 17, 2020 09:36 AM

    Hello,

    I have an question on the QRadar API.

    In order to enhance some actions on an offense creation, I would like to use the QRadar API to automate some searches.

    The use case is as follows: when an offense is created on the qradar, I would like to use a script which sends API requests to automatically retrieve some fields from the offense and execute a search on them. This way, our support team will be able to see search results on the qradar GUI.

    I checked the API and tried to use the POST /ariel/searches API endpoint, with the "save_search" parameter, but results are not show on the API.

    They may be saved somewhere, potentially accesible only from the API, but this is not what I want, as they must be accessible from the GUI.

    Is there any way to achieve what I want to do?

    Thanks for your answers



    #QRadar
    #Support
    #SupportMigration


  • 2.  RE: Save search results from the API and show them on GUI

    Posted Thu December 31, 2020 12:49 PM

    I am also interested in that.

    Is it possible to display search results in GUI when search was started by API and I have the search id ?



    #QRadar
    #Support
    #SupportMigration