IBM Support

QRadar: Universal Cloud REST API protocol cases and support policies

Question & Answer


Question

This article informs administrators about QRadar® Support policies. The Universal REST API is designed to enable security teams to ingest data more easily from a wide range of REST API cloud-based applications and services for enhanced visibility. To address this requirement, the Universal REST API includes a Universal Cloud REST API Protocol. The Universal Cloud REST API enables administrators to create Log Sources for the acquisition of data from REST API compatible data sources that are not currently supported.

Answer

Responsibilities for Universal REST API issues

QRadar® added enhanced functionality though the Universal Cloud REST API. This document outlines out-of-scope work for Log Source configuration cases and the responsibilities of the QRadar administrator. For more information, see Introducing the Universal Cloud Connector.

Support type Description Responsibility
Universal REST API and support
Administrators can use QRadar technical support to:
  1. Report user interface issues for the Universal Cloud REST API protocol. For example, open a case if the user interface does not load, you cannot edit your log sources, or when errors in the Log Source Management app are displayed related to the Universal Cloud REST API protocol.
  2. Explain protocol errors displayed in the QRadar logs.
  3. Confirm network issues and verify that the protocol, when used in a supported manner, can connect to an event source. For example, how administrators can use curl to validate that QRadar can contact the remote event source.
  4. Confirm issues or assist administrators with the command line testing tool provided by IBM.
 QRadar technical support

To open a case or report a Universal Cloud REST API issue, contact QRadar technical support.
Out-of-scope for QRadar Support The following activities are considered out-of-scope for technical support:
  1. Do not open a support case to report an issue with an XML workflow. All workflow XML issues must be reported through GitHub.
  2. Requests for assistance to create, modify, or test XML workflows required for the Universal Cloud REST API protocol.
  3. Assisting clients with the parsing, severity, definitions, or classification of events received from unsupported REST API-based log sources. Administrators can use the DSM Editor and create a custom log source type for the log source.
  4. Provide use case advice for collecting data from unsupported devices with the Universal Cloud REST API protocol.
Administrators need to create, modify, test, and tune the XML workflows by using one of the following resources:
  1. IBM Documentation for the QRadar Universal Cloud REST API protocol.
  2. Overview of the Universal Cloud Connector.
  3. IBM QRadar Universal Cloud REST API GitHub page.

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Document Information

Modified date:
17 June 2021

UID

ibm16427785

Page Feedback