IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
  • 1.  Using csv to populate PULSE Widget

    Posted Wed April 14, 2021 09:20 AM

    Hello

    I am new in Qradar's world and i am trying to create some widget in pulse. What i'm trying to achieve, is to make pie graph, using [tags] in rule's description : ie [build] [prod] [tuning] ....

    Since i can't filter on descriptio field using API, what i do right now, i get all the rules using the API on a bash script, parse what i wan't, and from there, i can create CSV (i was used to use this on Splunk).

    Is there's a way, or a workaround, to use this information (an array with tag name, and count) to populate a widget ?

    Thanks for your help !



    ------------------------------
    Fabien Sierras
    ------------------------------


  • 2.  RE: Using csv to populate PULSE Widget

    Posted Mon May 31, 2021 05:39 PM
    Hi Fabien,

    You may be able to achieve your use case using Pulse's Generic API data source and generating a JSON file of key-value pairs. The Pulse widget would need to be access this data through an API endpoint or URL.

    See this link for more details: https://www.ibm.com/docs/en/qradar-common?topic=source-tips-creating-generic-api-queries-dashboard-charts

    Regards,
    Andrew

    ------------------------------
    Andrew Kimpton
    ------------------------------