IBM Security QRadar

 View Only
Expand all | Collapse all

Connection to IBM QRadar using external applications

  • 1.  Connection to IBM QRadar using external applications

    Posted Tue November 08, 2022 06:36 AM
    Hi Team ,

    I would like to understand any solution  connect IBM QRadar from external application (programming solution)  and read the alerts data
    Please help me to any API set or any other solution to achieve it 

    Regards
    Arun

    ------------------------------
    Arunachalam Ramaiah
    ------------------------------


  • 2.  RE: Connection to IBM QRadar using external applications

    Posted Tue November 08, 2022 10:24 PM
    QRadar API endpoint /siem/offenses retrieve a list of offenses currently in the system.  You can use the interactive API available in the QRadar system itself.  The url will be https://<qradar_ip_or_hostname>/api_doc

    QRadar latest API document: https://ibmsecuritydocs.github.io/qradar_api_17.0/
    Older version reference: https://www.ibm.com/docs/en/qsip/7.5?topic=api-endpoint-documentation-supported-versions

    Also, if you are interested in getting the alerts programatically, then you can refer to the api code sample here => https://github.com/IBM/api-samples
    Look in the directory siem which contains example related to offense endpoint /siem/offenses

    Hope it helps.

    Thanks,
    Prabir

    ------------------------------
    Prabir Meher
    ------------------------------



  • 3.  RE: Connection to IBM QRadar using external applications

    Posted Sat November 19, 2022 11:10 PM
    Hi Prabir ,

    Thanks Prabir , I tried calling /siem/offenses API using dotnet 6.0 and able to retrieve the offenses but it requires VPN should be connected .

    First connect to VPN and try to call the API which will give the result but connection failing if VPN is not connected.

    Please help me on my below queries.

    1. Any approach without  VPN connection.
    2. Any approach to connect VPN programmatically and  call the API.
    3. Any approach to connect and call API from different LAN.

    Thanks in Advance for helping 

    Regards
    Arun



    ------------------------------
    Arunachalam Ramaiah
    ------------------------------