How To
Summary
This article shows you how to use the QRadar REST API with the IBM Resilient application.
Objective
Steps
This article details how you can use the QRadar API to troubleshoot problems.
How to restart the QRadar app from the REST API & How to delete and reinstall the QRadar app from the REST API
See QRadar: Basic App Troubleshooting Before Opening a QRadar Support Ticket for details of how to perform both these actions.
Backup and rollback
The QRadar application contains a database, which needs to be kept in sync with the Resilient platform database. When reinstalling the application, it is worth backing up this database. Details of how a backup can be achieved is in the documentation that accompanies the application in the App Exchange.
How to get the details of an offense
The endpoint is: /siem/offenses/{offense_id}
- Open "Interactive Rest API for Developers."
- Expand the latest available version of the API and use the EndPoint, /siem/offenses/{offense_id}.
- Ensure you are on the GET tab.
- Enter the offense ID and click "Try It Out!"
- The JSON for that offense will appear below.
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
19 April 2021
UID
ibm11163254