IBM QRadar

  • 1.  Using networkname() aql function by REST API

    Posted Thu June 01, 2023 08:55 AM

    Hi there,

    I would like to know the network name of a known IP, as it is classified in my network hierarchy.

    I'm trying to understand the right syntax using the "Interactive API for Developers" GUI interface, but I'm in trouble.

    This is the command generated by the GUI interface:

    curl -S -X GET -u john_john -H 'Version: 19.0' -H 'Accept: application/json' $'https://siem.puntozeroscarl.it/api/ariel/functions/networkname(\'10.151.103.1\')?database=qradar'

    response code=200 response body = null

    Obviously, using the networkname() function from the QRadar console, not via the API, it works fine and I get the network name I need.

    Any idea?

    Thanks in advance,

    Giancarlo



    ------------------------------
    Giancarlo Cecchetti
    ------------------------------



  • 2.  RE: Using networkname() aql function by REST API

    Posted Fri June 16, 2023 09:45 AM

    Giancarlo

    So far so good! You are already using the API via the GUI's "Try it out". I am just a bit confused by the response body being null.

    This should show the syntax needed.

    When using curl from the CLI on other hosts, other dependencies may occur depending on where you are issuing your command from.

    Tip: try in the QRadar CLI first.

    Please copy the GUI and CLI output for further analysis.

    BR

    Karl



    ------------------------------
    [Karl] [Jaeger] [Business Partner]
    [QRadar Specialist]
    [pro4bizz]
    [Karlsruhe] [Germany]
    [4972190981722]
    ------------------------------



  • 3.  RE: Using networkname() aql function by REST API

    Posted Tue June 20, 2023 02:41 AM

    Hi Karl,

    Thanks for answering me.

    I haven't investigated the null response body further;

    I guess I was trying to use the wrong API for my objective, I mean decoding an IP address into a network name according to my network hierarchy.

    I think I have reached a solution using the "siem" API group instead of "functions".

    This is working for me:

    curl -S -X GET -k -H 'SEC: ********-****-****-****-************' -H 'Range: items=0-49' -H 'Version: 19.0' -H 'Accept: application/json' 'https://siem.puntozeroscarl.it/api/siem/source_addresses?fields=source_ip%2Cnetwork&filter=source_ip%3D%2710.151.103.1%27'

    BR

    Giancarlo



    ------------------------------
    Giancarlo Cecchetti
    ------------------------------
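The working request from the last reply, written as an added Python example (not code from the thread or from IBM): it builds the same /api/siem/source_addresses query with the fields and filter parameters, sends the SEC, Range and Version headers, and reads the network field back from the JSON items. The hostname, token and the sample response are constructed placeholders; the fetch function is injectable so the script runs offline against the constructed response. The IP is validated with the ipaddress module before it is placed in the filter, so only a literal address can reach the filter expression.

```python
"""Look up the network-hierarchy name of an IP through the QRadar REST API.

Added example. Hostname, SEC token and response values are constructed
placeholders, not data from the thread.
"""
import ipaddress
import json
import urllib.parse
import urllib.request
from typing import Optional

API_VERSION = "19.0"  # the Version header value used in the thread


def build_source_address_url(base_url: str, ip: str) -> str:
    """Build the /siem/source_addresses query shown in the working curl.

    The IP is validated first so only a literal address ever reaches the
    filter; any other input raises ValueError instead of being interpolated.
    """
    ip = str(ipaddress.ip_address(ip))  # ValueError for anything that is not an IP
    query = urllib.parse.urlencode({
        "fields": "source_ip,network",
        "filter": f"source_ip='{ip}'",
    })
    return f"{base_url.rstrip('/')}/api/siem/source_addresses?{query}"


def request_headers(sec_token: str) -> dict:
    """Headers from the thread: SEC token, paging range, API version, JSON."""
    return {
        "SEC": sec_token,
        "Range": "items=0-49",
        "Version": API_VERSION,
        "Accept": "application/json",
    }


def extract_network(items: list, ip: str) -> Optional[str]:
    """Return the 'network' field of the item whose source_ip matches, or None."""
    wanted = str(ipaddress.ip_address(ip))
    for item in items:
        if item.get("source_ip") == wanted and item.get("network"):
            return item["network"]
    return None


def http_get_json(url: str, headers: dict) -> list:
    """Real transport; default TLS certificate verification is kept."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode("utf-8"))


def lookup_network(base_url: str, sec_token: str, ip: str, fetch=http_get_json) -> Optional[str]:
    """Resolve an IP to its network-hierarchy name via the source_addresses endpoint."""
    url = build_source_address_url(base_url, ip)
    items = fetch(url, request_headers(sec_token))
    return extract_network(items, ip)


# Constructed sample response, shaped like a fields=source_ip,network answer.
SAMPLE_RESPONSE = [
    {"source_ip": "10.151.103.1", "network": "Net-10-172-192.Net_10_0_0_0"},
]


def fake_fetch(url: str, headers: dict) -> list:
    """Offline stand-in for http_get_json that returns the constructed sample."""
    assert headers["SEC"] and headers["Version"] == API_VERSION
    return SAMPLE_RESPONSE


if __name__ == "__main__":
    base = "https://siem.example.invalid"       # placeholder host
    token = "PLACEHOLDER-SEC-TOKEN"             # placeholder SEC token
    print(build_source_address_url(base, "10.151.103.1"))
    print(lookup_network(base, token, "10.151.103.1", fetch=fake_fetch))
```

Replace fake_fetch with the default http_get_json to query a real console; the posted curl passes -k, which skips certificate checks, while this script keeps the default verification so the SEC token is only sent to a server whose certificate validates.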