IBM Support

How to use the QRadar REST API with the IBM Resilient application

How To


Summary

This article shows you how to use the QRadar REST API with the IBM Resilient application.

Objective

Using the QRadar API can prove useful when troubleshooting problems. It is also useful when more detail is required about a particular offense that has been escalated to Resilient.

Steps

This article details how you can use the QRadar API to troubleshoot problems.

How to restart the QRadar app from the REST API & How to delete and reinstall the QRadar app from the REST API

See "QRadar: Basic App Troubleshooting Before Opening a QRadar Support Ticket" for details of how to perform both of these actions.

Backup and rollback

The QRadar application contains a database, which needs to be kept in sync with the Resilient platform database. When reinstalling the application, it is worth backing up this database. Details of how to perform a backup are in the documentation that accompanies the application in the App Exchange.

How to get the details of an offense

The endpoint is: /siem/offenses/{offense_id}

  • Open "Interactive Rest API for Developers."
  • Expand the latest available version of the API and use the endpoint /siem/offenses/{offense_id}.
  • Ensure you are on the GET tab.
  • Enter the offense ID and click "Try It Out!"
  • The JSON for that offense will appear below.
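The same lookup can be scripted, which is convenient when checking several escalated offenses. The following is an added example, not code from IBM or from the QRadar app. It assumes the console serves the REST API under `/api` and accepts an authorized service token in the `SEC` header; the environment variable names and the sample offense are constructed for illustration.

```python
import json
import os
import urllib.parse
import urllib.request
from datetime import datetime, timezone

def build_offense_request(console, offense_id, token, fields=None):
    """Build the GET request for /siem/offenses/{offense_id}."""
    oid = int(offense_id)  # raises ValueError unless the ID is a plain number
    if oid < 0:
        raise ValueError("offense ID must be non-negative")
    url = f"https://{console}/api/siem/offenses/{oid}"
    if fields:  # optional: ask only for the fields you need
        url += "?fields=" + urllib.parse.quote(",".join(fields))
    headers = {"SEC": token, "Accept": "application/json"}
    return urllib.request.Request(url, method="GET", headers=headers)

def summarize_offense(offense):
    """Reduce the offense JSON to a few fields for a quick look."""
    def iso(ms):  # QRadar timestamps are milliseconds since the epoch
        if ms is None:
            return None
        return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat()
    return {
        "id": offense.get("id"),
        "description": (offense.get("description") or "").strip(),
        "status": offense.get("status"),
        "magnitude": offense.get("magnitude"),
        "offense_source": offense.get("offense_source"),
        "start_time": iso(offense.get("start_time")),
    }

def get_offense(console, offense_id, token):
    """Fetch one offense; TLS certificate verification stays enabled."""
    req = build_offense_request(console, offense_id, token)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

# Constructed sample response, for running the summary offline.
SAMPLE = json.loads("""{"id": 42, "description": "Constructed sample offense\\n",
  "status": "OPEN", "magnitude": 5, "offense_source": "192.0.2.10",
  "start_time": 1618822800000}""")

if __name__ == "__main__":
    console = os.environ.get("QRADAR_CONSOLE")   # hypothetical variable names
    token = os.environ.get("QRADAR_SEC_TOKEN")
    if console and token:
        print(summarize_offense(get_offense(console, 42, token)))
    else:
        print(summarize_offense(SAMPLE))
```

Keep the token out of scripts and shell history, and give the authorized service only the role it needs to read offenses.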

Document Location

Worldwide

Document Information

Modified date:
19 April 2021

UID

ibm11163254