  • IBM Security QRadar Version 7.3.0

    API Guide

    IBM

  • Note: Before you use this information and the product that it supports, read the information in “Notices” on page 2301.

    Product information

    This document applies to IBM QRadar Security Intelligence Platform V7.3.0 and subsequent releases unless superseded by an updated version of this document.

    © Copyright IBM Corporation 2014, 2017. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

  • Contents

    Chapter 1. What's new for developers in RESTful APIs in QRadar V7.3.0
      New endpoints in more detail
      Deprecated endpoints in more detail

    Chapter 2. RESTful API overview
      Filter syntax
      Sort syntax
      Paging syntax
      API error messages
      Cross-origin resource sharing

    Chapter 3. API command-line client

    Chapter 4. API sample code

    Chapter 5. Accessing the interactive API documentation page

    Chapter 6. REST API V8.1 References

    Analytics endpoints
      GET /analytics/ade_rules
      GET /analytics/ade_rules/{id}
      POST /analytics/ade_rules/{id}
      DELETE /analytics/ade_rules/{id}
      GET /analytics/ade_rules/{id}/dependents
      GET /analytics/ade_rules/ade_rule_delete_tasks/{task_id}
      GET /analytics/ade_rules/ade_rule_dependent_tasks/{task_id}
      POST /analytics/ade_rules/ade_rule_dependent_tasks/{task_id}
      GET /analytics/ade_rules/ade_rule_dependent_tasks/{task_id}/results
      GET /analytics/building_blocks
      GET /analytics/building_blocks/building_block_delete_tasks/{task_id}
      GET /analytics/building_blocks/building_block_dependent_tasks/{task_id}
      POST /analytics/building_blocks/building_block_dependent_tasks/{task_id}
      GET /analytics/building_blocks/building_block_dependent_tasks/{task_id}/results
      GET /analytics/building_blocks/{id}
      POST /analytics/building_blocks/{id}
      DELETE /analytics/building_blocks/{id}
      GET /analytics/building_blocks/{id}/dependents
      GET /analytics/custom_actions/actions
      POST /analytics/custom_actions/actions
      GET /analytics/custom_actions/actions/{action_id}
      POST /analytics/custom_actions/actions/{action_id}
      DELETE /analytics/custom_actions/actions/{action_id}
      GET /analytics/custom_actions/interpreters
      GET /analytics/custom_actions/interpreters/{interpreter_id}
      GET /analytics/custom_actions/scripts
      POST /analytics/custom_actions/scripts
      GET /analytics/custom_actions/scripts/{script_id}
      POST /analytics/custom_actions/scripts/{script_id}
      DELETE /analytics/custom_actions/scripts/{script_id}
      GET /analytics/rule_groups
      GET /analytics/rule_groups/{group_id}
      POST /analytics/rule_groups/{group_id}
      DELETE /analytics/rule_groups/{group_id}
      GET /analytics/rules

      GET /analytics/rules/rule_delete_tasks/{task_id}
      GET /analytics/rules/rule_dependent_tasks/{task_id}
      POST /analytics/rules/rule_dependent_tasks/{task_id}
      GET /analytics/rules/rule_dependent_tasks/{task_id}/results
      GET /analytics/rules/{id}
      POST /analytics/rules/{id}
      DELETE /analytics/rules/{id}
      GET /analytics/rules/{id}/dependents

    Ariel endpoints
      GET /ariel/databases
      GET /ariel/databases/{database_name}
      GET /ariel/event_saved_search_groups
      GET /ariel/event_saved_search_groups/{group_id}
      POST /ariel/event_saved_search_groups/{group_id}
      DELETE /ariel/event_saved_search_groups/{group_id}
      GET /ariel/flow_saved_search_groups
      GET /ariel/flow_saved_search_groups/{group_id}
      POST /ariel/flow_saved_search_groups/{group_id}
      DELETE /ariel/flow_saved_search_groups/{group_id}
      GET /ariel/saved_search_delete_tasks/{task_id}
      GET /ariel/saved_search_dependent_tasks/{task_id}
      POST /ariel/saved_search_dependent_tasks/{task_id}
      GET /ariel/saved_search_dependent_tasks/{task_id}/results
      GET /ariel/saved_searches
      GET /ariel/saved_searches/{id}
      POST /ariel/saved_searches/{id}
      DELETE /ariel/saved_searches/{id}
      GET /ariel/saved_searches/{id}/dependents
      GET /ariel/searches
      POST /ariel/searches
      GET /ariel/searches/{search_id}
      POST /ariel/searches/{search_id}
      DELETE /ariel/searches/{search_id}
      GET /ariel/searches/{search_id}/results

    Asset model endpoints
      GET /asset_model/assets
      POST /asset_model/assets/{asset_id}
      GET /asset_model/properties
      GET /asset_model/saved_search_groups
      GET /asset_model/saved_search_groups/{group_id}
      POST /asset_model/saved_search_groups/{group_id}
      DELETE /asset_model/saved_search_groups/{group_id}
      GET /asset_model/saved_searches
      GET /asset_model/saved_searches/{saved_search_id}
      POST /asset_model/saved_searches/{saved_search_id}
      DELETE /asset_model/saved_searches/{saved_search_id}
      GET /asset_model/saved_searches/{saved_search_id}/results

    Authentication endpoints
      POST /auth/logout

    Configuration endpoints
      GET /config/access/tenant_management/tenants
      POST /config/access/tenant_management/tenants
      GET /config/access/tenant_management/tenants/{tenant_id}
      POST /config/access/tenant_management/tenants/{tenant_id}
      DELETE /config/access/tenant_management/tenants/{tenant_id}
      GET /config/deployment/hosts
      GET /config/deployment/hosts/{id}
      POST /config/deployment/hosts/{id}
      GET /config/deployment/license_pool
      GET /config/domain_management/domains
      POST /config/domain_management/domains

      GET /config/domain_management/domains/{domain_id}
      POST /config/domain_management/domains/{domain_id}
      DELETE /config/domain_management/domains/{domain_id}
      GET /config/event_retention_buckets
      GET /config/event_retention_buckets/{id}
      POST /config/event_retention_buckets/{id}
      DELETE /config/event_retention_buckets/{id}
      GET /config/event_sources/custom_properties/property_expressions
      POST /config/event_sources/custom_properties/property_expressions
      GET /config/event_sources/custom_properties/property_expressions/{expression_id}
      POST /config/event_sources/custom_properties/property_expressions/{expression_id}
      DELETE /config/event_sources/custom_properties/property_expressions/{expression_id}
      GET /config/event_sources/custom_properties/regex_properties
      POST /config/event_sources/custom_properties/regex_properties
      GET /config/event_sources/custom_properties/regex_properties/{regex_property_id}
      POST /config/event_sources/custom_properties/regex_properties/{regex_property_id}
      DELETE /config/event_sources/custom_properties/regex_properties/{regex_property_id}
      GET /config/event_sources/custom_properties/regex_properties/{regex_property_id}/dependents
      GET /config/event_sources/custom_properties/regex_property_delete_tasks/{task_id}
      GET /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id}
      POST /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id}
      GET /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id}/results
      GET /config/extension_management/extensions
      POST /config/extension_management/extensions
      GET /config/extension_management/extensions/{extension_id}
      POST /config/extension_management/extensions/{extension_id}
      DELETE /config/extension_management/extensions/{extension_id}
      GET /config/extension_management/extensions_task_status/{status_id}
      GET /config/extension_management/extensions_task_status/{status_id}/results
      GET /config/flow_retention_buckets
      GET /config/flow_retention_buckets/{id}
      POST /config/flow_retention_buckets/{id}
      DELETE /config/flow_retention_buckets/{id}
      GET /config/flow_sources/custom_properties/property_expressions
      POST /config/flow_sources/custom_properties/property_expressions
      GET /config/flow_sources/custom_properties/property_expressions/{expression_id}
      POST /config/flow_sources/custom_properties/property_expressions/{expression_id}
      DELETE /config/flow_sources/custom_properties/property_expressions/{expression_id}
      GET /config/flow_sources/custom_properties/regex_properties
      POST /config/flow_sources/custom_properties/regex_properties
      GET /config/flow_sources/custom_properties/regex_properties/{regex_property_id}
      POST /config/flow_sources/custom_properties/regex_properties/{regex_property_id}
      DELETE /config/flow_sources/custom_properties/regex_properties/{regex_property_id}
      GET /config/flow_sources/custom_properties/regex_properties/{regex_property_id}/dependents
      GET /config/flow_sources/custom_properties/regex_property_delete_tasks/{task_id}
      GET /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id}
      POST /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id}
      GET /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id}/results
      GET /config/global_system_notifications
      GET /config/global_system_notifications/{notification_id}
      GET /config/network_hierarchy/networks
      GET /config/network_hierarchy/staged_networks
      PUT /config/network_hierarchy/staged_networks
      GET /config/remote_networks
      GET /config/remote_networks/{network_id}
      GET /config/remote_services
      GET /config/remote_services/{service_id}
      GET /config/resource_restrictions
      POST /config/resource_restrictions
      GET /config/resource_restrictions/{resource_restriction_id}
      DELETE /config/resource_restrictions/{resource_restriction_id}

      PUT /config/resource_restrictions/{resource_restriction_id}
      GET /config/store_and_forward/policies
      GET /config/store_and_forward/policies/{id}
      POST /config/store_and_forward/policies/{id}
      DELETE /config/store_and_forward/policies/{id}

    Data classification endpoints
      GET /data_classification/dsm_event_mappings
      POST /data_classification/dsm_event_mappings
      GET /data_classification/dsm_event_mappings/{dsm_event_mapping_id}
      POST /data_classification/dsm_event_mappings/{dsm_event_mapping_id}
      GET /data_classification/high_level_categories
      GET /data_classification/high_level_categories/{high_level_category_id}
      GET /data_classification/low_level_categories
      GET /data_classification/low_level_categories/{low_level_category_id}
      GET /data_classification/qid_records
      POST /data_classification/qid_records
      GET /data_classification/qid_records/{qid_record_id}
      POST /data_classification/qid_records/{qid_record_id}

    Forensics endpoints
      GET /forensics/capture/recoveries
      POST /forensics/capture/recoveries
      GET /forensics/capture/recoveries/{id}
      GET /forensics/capture/recovery_tasks
      GET /forensics/capture/recovery_tasks/{id}
      GET /forensics/case_management/case_create_tasks/{id}
      GET /forensics/case_management/cases
      POST /forensics/case_management/cases
      GET /forensics/case_management/cases/{id}

    GUI application framework endpoints
      GET /gui_app_framework/application_creation_task
      POST /gui_app_framework/application_creation_task
      GET /gui_app_framework/application_creation_task/{application_id}
      POST /gui_app_framework/application_creation_task/{application_id}
      GET /gui_app_framework/applications
      GET /gui_app_framework/applications/{application_id}
      POST /gui_app_framework/applications/{application_id}
      PUT /gui_app_framework/applications/{application_id}
      DELETE /gui_app_framework/applications/{application_id}
      GET /gui_app_framework/named_services
      GET /gui_app_framework/named_services/{uuid}

    Help endpoints
      GET /help/endpoints
      GET /help/endpoints/{endpoint_id}
      GET /help/resources
      GET /help/resources/{resource_id}
      GET /help/versions
      GET /help/versions/{version_id}

    IBM Security QRadar Risk Manager endpoints
      GET /qrm/model_groups
      GET /qrm/model_groups/{group_id}
      POST /qrm/model_groups/{group_id}
      DELETE /qrm/model_groups/{group_id}
      GET /qrm/qrm_saved_search_groups
      GET /qrm/qrm_saved_search_groups/{group_id}
      POST /qrm/qrm_saved_search_groups/{group_id}
      DELETE /qrm/qrm_saved_search_groups/{group_id}
      GET /qrm/question_groups
      GET /qrm/question_groups/{group_id}
      POST /qrm/question_groups/{group_id}
      DELETE /qrm/question_groups/{group_id}
      GET /qrm/simulation_groups

      GET /qrm/simulation_groups/{group_id}
      POST /qrm/simulation_groups/{group_id}
      DELETE /qrm/simulation_groups/{group_id}
      GET /qrm/topology_saved_search_groups
      GET /qrm/topology_saved_search_groups/{group_id}
      POST /qrm/topology_saved_search_groups/{group_id}
      DELETE /qrm/topology_saved_search_groups/{group_id}

    QRadar Vulnerability Manager endpoints
      GET /qvm/assets
      GET /qvm/filters
      GET /qvm/network
      GET /qvm/openservices
      GET /qvm/saved_search_groups
      GET /qvm/saved_search_groups/{group_id}
      POST /qvm/saved_search_groups/{group_id}
      DELETE /qvm/saved_search_groups/{group_id}
      GET /qvm/saved_searches
      GET /qvm/saved_searches/vuln_instances/{task_id}/results/assets
      GET /qvm/saved_searches/vuln_instances/{task_id}/results/vuln_instances
      GET /qvm/saved_searches/vuln_instances/{task_id}/results/vulnerabilities
      GET /qvm/saved_searches/vuln_instances/{task_id}/status
      POST /qvm/saved_searches/vuln_instances/{task_id}/status
      GET /qvm/saved_searches/{saved_search_id}
      POST /qvm/saved_searches/{saved_search_id}
      DELETE /qvm/saved_searches/{saved_search_id}
      GET /qvm/saved_searches/{saved_search_id}/vuln_instances
      POST /qvm/tickets/assign
      GET /qvm/vulns

    Reference data endpoints
      GET /reference_data/map_delete_tasks/{task_id}
      GET /reference_data/map_dependent_tasks/{task_id}
      POST /reference_data/map_dependent_tasks/{task_id}
      GET /reference_data/map_dependent_tasks/{task_id}/results
      GET /reference_data/map_of_sets
      POST /reference_data/map_of_sets
      POST /reference_data/map_of_sets/bulk_load/{name}
      GET /reference_data/map_of_sets/{name}
      POST /reference_data/map_of_sets/{name}
      DELETE /reference_data/map_of_sets/{name}
      GET /reference_data/map_of_sets/{name}/dependents
      DELETE /reference_data/map_of_sets/{name}/{key}
      GET /reference_data/map_of_sets_delete_tasks/{task_id}
      GET /reference_data/map_of_sets_dependent_tasks/{task_id}
      POST /reference_data/map_of_sets_dependent_tasks/{task_id}
      GET /reference_data/map_of_sets_dependent_tasks/{task_id}/results
      GET /reference_data/maps
      POST /reference_data/maps
      POST /reference_data/maps/bulk_load/{name}
      GET /reference_data/maps/{name}
      POST /reference_data/maps/{name}
      DELETE /reference_data/maps/{name}
      GET /reference_data/maps/{name}/dependents
      DELETE /reference_data/maps/{name}/{key}
      GET /reference_data/set_delete_tasks/{task_id}
      GET /reference_data/set_dependent_tasks/{task_id}
      POST /reference_data/set_dependent_tasks/{task_id}
      GET /reference_data/set_dependent_tasks/{task_id}/results
      GET /reference_data/sets
      POST /reference_data/sets
      POST /reference_data/sets/bulk_load/{name}
      GET /reference_data/sets/{name}

      POST /reference_data/sets/{name}
      DELETE /reference_data/sets/{name}
      DELETE /reference_data/sets/{name}/{value}
      GET /reference_data/sets/{name}/dependents
      GET /reference_data/tables
      POST /reference_data/tables
      POST /reference_data/tables/bulk_load/{name}
      GET /reference_data/tables_delete_tasks/{task_id}
      GET /reference_data/tables/{name}
      POST /reference_data/tables/{name}
      DELETE /reference_data/tables/{name}
      GET /reference_data/tables_dependent_tasks/{task_id}
      POST /reference_data/tables_dependent_tasks/{task_id}
      GET /reference_data/tables_dependent_tasks/{task_id}/results
      GET /reference_data/tables/{name}/dependents
      DELETE /reference_data/tables/{name}/{outer_key}/{inner_key}

    Scanner endpoints
      GET /scanner/profiles
      POST /scanner/profiles/create
      POST /scanner/profiles/start
      GET /scanner/scanprofiles
      POST /scanner/scanprofiles
      GET /scanner/scanprofiles/{profileid}
      POST /scanner/scanprofiles/{profileid}
      DELETE /scanner/scanprofiles/{profileid}
      POST /scanner/scanprofiles/{profileid}/start

    Services endpoints
      POST /services/dig_lookups
      GET /services/dig_lookups/{dig_lookup_id}
      POST /services/dns_lookups
      GET /services/dns_lookups/{dns_lookup_id}
      POST /services/port_scans
      GET /services/port_scans/{port_scan_id}
      POST /services/whois_lookups
      GET /services/whois_lookups/{whois_lookup_id}

    SIEM endpoints
      GET /siem/local_destination_addresses
      GET /siem/local_destination_addresses/{local_destination_address_id}
      GET /siem/offense_closing_reasons
      POST /siem/offense_closing_reasons
      GET /siem/offense_closing_reasons/{closing_reason_id}
      GET /siem/offense_saved_search_delete_tasks/{task_id}
      GET /siem/offense_saved_search_dependent_tasks/{task_id}
      POST /siem/offense_saved_search_dependent_tasks/{task_id}
      GET /siem/offense_saved_search_dependent_tasks/{task_id}/results
      GET /siem/offense_saved_search_groups
      GET /siem/offense_saved_search_groups/{group_id}
      POST /siem/offense_saved_search_groups/{group_id}
      DELETE /siem/offense_saved_search_groups/{group_id}
      GET /siem/offense_saved_searches
      GET /siem/offense_saved_searches/{id}
      POST /siem/offense_saved_searches/{id}
      DELETE /siem/offense_saved_searches/{id}
      GET /siem/offense_saved_searches/{id}/dependents
      GET /siem/offenses
      GET /siem/offenses/{offense_id}
      GET /siem/offenses/{offense_id}/notes
      GET /siem/offenses/{offense_id}/notes/{note_id}
      POST /siem/offenses/{offense_id}/notes
      POST /siem/offenses/{offense_id}
      GET /siem/offense_types

    viii QRadar API Reference Guide

  • GET /siem/offense_types/{offense_type_id} . . . . . . . . . . . . . . . . . . . . . . . 543GET /siem/source_addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545GET /siem/source_addresses/{source_address_id} . . . . . . . . . . . . . . . . . . . . . 546

    Staged configuration endpoints
        GET /staged_config/deploy_status
        POST /staged_config/deploy_status
        GET /staged_config/deployment/hosts
        GET /staged_config/deployment/hosts/{id}
        GET /staged_config/global_system_notifications
        GET /staged_config/global_system_notifications/{notification_id}
        POST /staged_config/global_system_notifications/{notification_id}
        GET /staged_config/remote_networks
        POST /staged_config/remote_networks
        GET /staged_config/remote_networks/{network_id}
        POST /staged_config/remote_networks/{network_id}
        DELETE /staged_config/remote_networks/{network_id}
        GET /staged_config/remote_services
        POST /staged_config/remote_services
        GET /staged_config/remote_services/{service_id}
        POST /staged_config/remote_services/{service_id}
        DELETE /staged_config/remote_services/{service_id}
        DELETE /staged_config/yara_rules
        PUT /staged_config/yara_rules

    System endpoints
        GET /system/authorization/password_policies
        GET /system/authorization/password_policies/{id}
        POST /system/authorization/password_policies/{id}
        GET /system/information/locales
        GET /system/servers
        GET /system/servers/{server_id}
        POST /system/servers/{server_id}
        GET /system/servers/{server_id}/firewall_rules
        PUT /system/servers/{server_id}/firewall_rules
        GET /system/servers/{server_id}/network_interfaces/bonded
        POST /system/servers/{server_id}/network_interfaces/bonded
        POST /system/servers/{server_id}/network_interfaces/bonded/{device_name}
        DELETE /system/servers/{server_id}/network_interfaces/bonded/{device_name}
        GET /system/servers/{server_id}/network_interfaces/ethernet
        POST /system/servers/{server_id}/network_interfaces/ethernet/{device_name}
        GET /system/servers/{server_id}/system_time_settings
        POST /system/servers/{server_id}/system_time_settings
        GET /system/servers/{server_id}/timezones

    Chapter 7. Previous REST API versions
    REST API V8.0 References

    Analytics endpoints
        GET /analytics/ade_rules
        GET /analytics/ade_rules/{id}
        POST /analytics/ade_rules/{id}
        DELETE /analytics/ade_rules/{id}
        GET /analytics/ade_rules/{id}/dependents
        GET /analytics/ade_rules/ade_rule_delete_tasks/{task_id}
        GET /analytics/ade_rules/ade_rule_dependent_tasks/{task_id}
        POST /analytics/ade_rules/ade_rule_dependent_tasks/{task_id}
        GET /analytics/ade_rules/ade_rule_dependent_tasks/{task_id}/results
        GET /analytics/building_blocks
        GET /analytics/building_blocks/building_block_delete_tasks/{task_id}
        GET /analytics/building_blocks/building_block_dependent_tasks/{task_id}
        POST /analytics/building_blocks/building_block_dependent_tasks/{task_id}
        GET /analytics/building_blocks/building_block_dependent_tasks/{task_id}/results
        GET /analytics/building_blocks/{id}
        POST /analytics/building_blocks/{id}
        DELETE /analytics/building_blocks/{id}
        GET /analytics/building_blocks/{id}/dependents
        GET /analytics/custom_actions/actions
        POST /analytics/custom_actions/actions
        GET /analytics/custom_actions/actions/{action_id}
        POST /analytics/custom_actions/actions/{action_id}
        DELETE /analytics/custom_actions/actions/{action_id}
        GET /analytics/custom_actions/interpreters
        GET /analytics/custom_actions/interpreters/{interpreter_id}
        GET /analytics/custom_actions/scripts
        POST /analytics/custom_actions/scripts
        GET /analytics/custom_actions/scripts/{script_id}
        POST /analytics/custom_actions/scripts/{script_id}
        DELETE /analytics/custom_actions/scripts/{script_id}
        GET /analytics/rule_groups
        GET /analytics/rule_groups/{group_id}
        POST /analytics/rule_groups/{group_id}
        DELETE /analytics/rule_groups/{group_id}
        GET /analytics/rules
        GET /analytics/rules/rule_delete_tasks/{task_id}
        GET /analytics/rules/rule_dependent_tasks/{task_id}
        POST /analytics/rules/rule_dependent_tasks/{task_id}
        GET /analytics/rules/rule_dependent_tasks/{task_id}/results
        GET /analytics/rules/{id}
        POST /analytics/rules/{id}
        DELETE /analytics/rules/{id}
        GET /analytics/rules/{id}/dependents

    Ariel endpoints
        GET /ariel/databases
        GET /ariel/databases/{database_name}
        GET /ariel/event_saved_search_groups
        GET /ariel/event_saved_search_groups/{group_id}
        POST /ariel/event_saved_search_groups/{group_id}
        DELETE /ariel/event_saved_search_groups/{group_id}
        GET /ariel/flow_saved_search_groups
        GET /ariel/flow_saved_search_groups/{group_id}
        POST /ariel/flow_saved_search_groups/{group_id}
        DELETE /ariel/flow_saved_search_groups/{group_id}
        GET /ariel/saved_search_delete_tasks/{task_id}
        GET /ariel/saved_search_dependent_tasks/{task_id}
        POST /ariel/saved_search_dependent_tasks/{task_id}
        GET /ariel/saved_search_dependent_tasks/{task_id}/results
        GET /ariel/saved_searches
        GET /ariel/saved_searches/{id}
        POST /ariel/saved_searches/{id}
        DELETE /ariel/saved_searches/{id}
        GET /ariel/saved_searches/{id}/dependents
        GET /ariel/searches
        POST /ariel/searches
        GET /ariel/searches/{search_id}
        POST /ariel/searches/{search_id}
        DELETE /ariel/searches/{search_id}
        GET /ariel/searches/{search_id}/results

    Asset model endpoints
        GET /asset_model/assets
        POST /asset_model/assets/{asset_id}
        GET /asset_model/properties
        GET /asset_model/saved_search_groups
        GET /asset_model/saved_search_groups/{group_id}
        POST /asset_model/saved_search_groups/{group_id}
        DELETE /asset_model/saved_search_groups/{group_id}
        GET /asset_model/saved_searches
        GET /asset_model/saved_searches/{saved_search_id}
        POST /asset_model/saved_searches/{saved_search_id}
        DELETE /asset_model/saved_searches/{saved_search_id}
        GET /asset_model/saved_searches/{saved_search_id}/results

    Authentication endpoints
        POST /auth/logout

    Configuration endpoints
        GET /config/access/tenant_management/tenants
        POST /config/access/tenant_management/tenants
        GET /config/access/tenant_management/tenants/{tenant_id}
        POST /config/access/tenant_management/tenants/{tenant_id}
        DELETE /config/access/tenant_management/tenants/{tenant_id}
        GET /config/deployment/hosts
        GET /config/deployment/hosts/{id}
        POST /config/deployment/hosts/{id}
        GET /config/deployment/license_pool
        GET /config/domain_management/domains
        POST /config/domain_management/domains
        GET /config/domain_management/domains/{domain_id}
        POST /config/domain_management/domains/{domain_id}
        DELETE /config/domain_management/domains/{domain_id}
        GET /config/event_retention_buckets
        GET /config/event_retention_buckets/{id}
        POST /config/event_retention_buckets/{id}
        DELETE /config/event_retention_buckets/{id}
        GET /config/event_sources/custom_properties/property_expressions
        POST /config/event_sources/custom_properties/property_expressions
        GET /config/event_sources/custom_properties/property_expressions/{expression_id}
        POST /config/event_sources/custom_properties/property_expressions/{expression_id}
        DELETE /config/event_sources/custom_properties/property_expressions/{expression_id}
        GET /config/event_sources/custom_properties/regex_properties
        POST /config/event_sources/custom_properties/regex_properties
        GET /config/event_sources/custom_properties/regex_properties/{regex_property_id}
        POST /config/event_sources/custom_properties/regex_properties/{regex_property_id}
        DELETE /config/event_sources/custom_properties/regex_properties/{regex_property_id}
        GET /config/event_sources/custom_properties/regex_properties/{regex_property_id}/dependents
        GET /config/event_sources/custom_properties/regex_property_delete_tasks/{task_id}
        GET /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id}
        POST /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id}
        GET /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id}/results
        GET /config/extension_management/extensions
        POST /config/extension_management/extensions
        GET /config/extension_management/extensions/{extension_id}
        POST /config/extension_management/extensions/{extension_id}
        DELETE /config/extension_management/extensions/{extension_id}
        GET /config/extension_management/extensions_task_status/{status_id}
        GET /config/extension_management/extensions_task_status/{status_id}/results
        GET /config/flow_retention_buckets
        GET /config/flow_retention_buckets/{id}
        POST /config/flow_retention_buckets/{id}
        DELETE /config/flow_retention_buckets/{id}
        GET /config/flow_sources/custom_properties/property_expressions
        POST /config/flow_sources/custom_properties/property_expressions
        GET /config/flow_sources/custom_properties/property_expressions/{expression_id}
        POST /config/flow_sources/custom_properties/property_expressions/{expression_id}
        DELETE /config/flow_sources/custom_properties/property_expressions/{expression_id}
        GET /config/flow_sources/custom_properties/regex_properties
        POST /config/flow_sources/custom_properties/regex_properties
        GET /config/flow_sources/custom_properties/regex_properties/{regex_property_id}
        POST /config/flow_sources/custom_properties/regex_properties/{regex_property_id}
        DELETE /config/flow_sources/custom_properties/regex_properties/{regex_property_id}
        GET /config/flow_sources/custom_properties/regex_properties/{regex_property_id}/dependents
        GET /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id}
        POST /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id}
        GET /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id}/results
        GET /config/global_system_notifications
        GET /config/global_system_notifications/{notification_id}
        GET /config/network_hierarchy/networks
        GET /config/network_hierarchy/staged_networks
        PUT /config/network_hierarchy/staged_networks
        GET /config/remote_networks
        GET /config/remote_networks/{network_id}
        GET /config/remote_services
        GET /config/remote_services/{service_id}
        GET /config/resource_restrictions
        POST /config/resource_restrictions
        GET /config/resource_restrictions/{resource_restriction_id}
        DELETE /config/resource_restrictions/{resource_restriction_id}
        PUT /config/resource_restrictions/{resource_restriction_id}
        GET /config/store_and_forward/policies
        GET /config/store_and_forward/policies/{id}
        POST /config/store_and_forward/policies/{id}
        DELETE /config/store_and_forward/policies/{id}

    Data classification endpoints
        GET /data_classification/dsm_event_mappings
        POST /data_classification/dsm_event_mappings
        GET /data_classification/dsm_event_mappings/{dsm_event_mapping_id}
        POST /data_classification/dsm_event_mappings/{dsm_event_mapping_id}
        GET /data_classification/high_level_categories
        GET /data_classification/high_level_categories/{high_level_category_id}
        GET /data_classification/low_level_categories
        GET /data_classification/low_level_categories/{low_level_category_id}
        GET /data_classification/qid_records
        POST /data_classification/qid_records
        GET /data_classification/qid_records/{qid_record_id}
        POST /data_classification/qid_records/{qid_record_id}

    Forensics endpoints
        GET /forensics/capture/recoveries
        POST /forensics/capture/recoveries
        GET /forensics/capture/recoveries/{id}
        GET /forensics/capture/recovery_tasks
        GET /forensics/capture/recovery_tasks/{id}
        GET /forensics/case_management/case_create_tasks/{id}
        GET /forensics/case_management/cases
        POST /forensics/case_management/cases
        GET /forensics/case_management/cases/{id}

    GUI application framework endpoints
        GET /gui_app_framework/application_creation_task
        POST /gui_app_framework/application_creation_task
        GET /gui_app_framework/application_creation_task/{application_id}
        POST /gui_app_framework/application_creation_task/{application_id}
        GET /gui_app_framework/applications
        GET /gui_app_framework/applications/{application_id}
        POST /gui_app_framework/applications/{application_id}
        PUT /gui_app_framework/applications/{application_id}
        DELETE /gui_app_framework/applications/{application_id}
        GET /gui_app_framework/named_services
        GET /gui_app_framework/named_services/{uuid}

    Help endpoints
        GET /help/endpoints
        GET /help/endpoints/{endpoint_id}
        GET /help/resources
        GET /help/resources/{resource_id}
        GET /help/versions
        GET /help/versions/{version_id}

    IBM Security QRadar Risk Manager endpoints
        GET /qrm/model_groups
        GET /qrm/model_groups/{group_id}
        POST /qrm/model_groups/{group_id}
        DELETE /qrm/model_groups/{group_id}
        GET /qrm/qrm_saved_search_groups
        GET /qrm/qrm_saved_search_groups/{group_id}
        POST /qrm/qrm_saved_search_groups/{group_id}
        DELETE /qrm/qrm_saved_search_groups/{group_id}
        GET /qrm/question_groups
        GET /qrm/question_groups/{group_id}
        POST /qrm/question_groups/{group_id}
        DELETE /qrm/question_groups/{group_id}
        GET /qrm/simulation_groups
        GET /qrm/simulation_groups/{group_id}
        POST /qrm/simulation_groups/{group_id}
        DELETE /qrm/simulation_groups/{group_id}
        GET /qrm/topology_saved_search_groups
        GET /qrm/topology_saved_search_groups/{group_id}
        POST /qrm/topology_saved_search_groups/{group_id}
        DELETE /qrm/topology_saved_search_groups/{group_id}

    QRadar Vulnerability Manager endpoints
        GET /qvm/assets
        GET /qvm/filters
        GET /qvm/network
        GET /qvm/openservices
        GET /qvm/saved_search_groups
        GET /qvm/saved_search_groups/{group_id}
        POST /qvm/saved_search_groups/{group_id}
        DELETE /qvm/saved_search_groups/{group_id}
        GET /qvm/saved_searches
        GET /qvm/saved_searches/vuln_instances/{task_id}/results/assets
        GET /qvm/saved_searches/vuln_instances/{task_id}/results/vuln_instances
        GET /qvm/saved_searches/vuln_instances/{task_id}/results/vulnerabilities
        GET /qvm/saved_searches/vuln_instances/{task_id}/status
        POST /qvm/saved_searches/vuln_instances/{task_id}/status
        GET /qvm/saved_searches/{saved_search_id}
        POST /qvm/saved_searches/{saved_search_id}
        DELETE /qvm/saved_searches/{saved_search_id}
        GET /qvm/saved_searches/{saved_search_id}/vuln_instances
        POST /qvm/tickets/assign
        GET /qvm/vulns

    Reference data endpoints
        GET /reference_data/map_delete_tasks/{task_id}
        GET /reference_data/map_dependent_tasks/{task_id}
        POST /reference_data/map_dependent_tasks/{task_id}
        GET /reference_data/map_dependent_tasks/{task_id}/results
        GET /reference_data/map_of_sets
        POST /reference_data/map_of_sets
        POST /reference_data/map_of_sets/bulk_load/{name}
        GET /reference_data/map_of_sets/{name}
        POST /reference_data/map_of_sets/{name}
        DELETE /reference_data/map_of_sets/{name}
        GET /reference_data/map_of_sets/{name}/dependents
        DELETE /reference_data/map_of_sets/{name}/{key}
        GET /reference_data/map_of_sets_delete_tasks/{task_id}
        GET /reference_data/map_of_sets_dependent_tasks/{task_id}
        POST /reference_data/map_of_sets_dependent_tasks/{task_id}
        GET /reference_data/map_of_sets_dependent_tasks/{task_id}/results
        GET /reference_data/maps
        POST /reference_data/maps
        POST /reference_data/maps/bulk_load/{name}
        GET /reference_data/maps/{name}
        POST /reference_data/maps/{name}
        DELETE /reference_data/maps/{name}
        GET /reference_data/maps/{name}/dependents
        DELETE /reference_data/maps/{name}/{key}
        GET /reference_data/set_delete_tasks/{task_id}
        GET /reference_data/set_dependent_tasks/{task_id}
        POST /reference_data/set_dependent_tasks/{task_id}
        GET /reference_data/set_dependent_tasks/{task_id}/results
        GET /reference_data/sets
        POST /reference_data/sets
        POST /reference_data/sets/bulk_load/{name}
        GET /reference_data/sets/{name}
        POST /reference_data/sets/{name}
        DELETE /reference_data/sets/{name}
        DELETE /reference_data/sets/{name}/{value}
        GET /reference_data/sets/{name}/dependents
        GET /reference_data/tables
        POST /reference_data/tables
        POST /reference_data/tables/bulk_load/{name}
        GET /reference_data/tables/{name}
        POST /reference_data/tables/{name}
        DELETE /reference_data/tables/{name}
        GET /reference_data/tables/{name}/dependents
        DELETE /reference_data/tables/{name}/{outer_key}/{inner_key}

    Scanner endpoints
        GET /scanner/profiles
        POST /scanner/profiles/create
        POST /scanner/profiles/start
        GET /scanner/scanprofiles
        POST /scanner/scanprofiles
        GET /scanner/scanprofiles/{profileid}
        POST /scanner/scanprofiles/{profileid}
        DELETE /scanner/scanprofiles/{profileid}
        POST /scanner/scanprofiles/{profileid}/start

    Services endpoints
        POST /services/dig_lookups
        GET /services/dig_lookups/{dig_lookup_id}
        POST /services/dns_lookups
        GET /services/dns_lookups/{dns_lookup_id}
        POST /services/port_scans
        GET /services/port_scans/{port_scan_id}
        POST /services/whois_lookups
        GET /services/whois_lookups/{whois_lookup_id}

    SIEM endpoints
    GET /siem/local_destination_addresses
    GET /siem/local_destination_addresses/{local_destination_address_id}
    GET /siem/offense_closing_reasons
    POST /siem/offense_closing_reasons
    GET /siem/offense_closing_reasons/{closing_reason_id}
    GET /siem/offense_saved_search_delete_tasks/{task_id}
    GET /siem/offense_saved_search_dependent_tasks/{task_id}
    POST /siem/offense_saved_search_dependent_tasks/{task_id}
    GET /siem/offense_saved_search_dependent_tasks/{task_id}/results
    GET /siem/offense_saved_search_groups

  • GET /siem/offense_saved_search_groups/{group_id}
    POST /siem/offense_saved_search_groups/{group_id}
    DELETE /siem/offense_saved_search_groups/{group_id}
    GET /siem/offense_saved_searches
    GET /siem/offense_saved_searches/{id}
    POST /siem/offense_saved_searches/{id}
    DELETE /siem/offense_saved_searches/{id}
    GET /siem/offense_saved_searches/{id}/dependents
    GET /siem/offenses
    GET /siem/offenses/{offense_id}
    GET /siem/offenses/{offense_id}/notes
    GET /siem/offenses/{offense_id}/notes/{note_id}
    POST /siem/offenses/{offense_id}/notes
    POST /siem/offenses/{offense_id}
    GET /siem/offense_types
    GET /siem/offense_types/{offense_type_id}
    GET /siem/source_addresses
    GET /siem/source_addresses/{source_address_id}

    Staged configuration endpoints
    GET /staged_config/deploy_status
    POST /staged_config/deploy_status
    GET /staged_config/deployment/hosts
    GET /staged_config/deployment/hosts/{id}
    GET /staged_config/global_system_notifications
    GET /staged_config/global_system_notifications/{notification_id}
    POST /staged_config/global_system_notifications/{notification_id}
    GET /staged_config/remote_networks
    POST /staged_config/remote_networks
    GET /staged_config/remote_networks/{network_id}
    POST /staged_config/remote_networks/{network_id}
    DELETE /staged_config/remote_networks/{network_id}
    GET /staged_config/remote_services
    POST /staged_config/remote_services
    GET /staged_config/remote_services/{service_id}
    POST /staged_config/remote_services/{service_id}
    DELETE /staged_config/remote_services/{service_id}
    DELETE /staged_config/yara_rules
    PUT /staged_config/yara_rules

    System endpoints
    GET /system/authorization/password_policies
    GET /system/authorization/password_policies/{id}
    POST /system/authorization/password_policies/{id}
    GET /system/information/locales
    GET /system/servers
    GET /system/servers/{server_id}
    POST /system/servers/{server_id}
    GET /system/servers/{server_id}/firewall_rules
    PUT /system/servers/{server_id}/firewall_rules
    GET /system/servers/{server_id}/network_interfaces/bonded
    POST /system/servers/{server_id}/network_interfaces/bonded
    POST /system/servers/{server_id}/network_interfaces/bonded/{device_name}
    DELETE /system/servers/{server_id}/network_interfaces/bonded/{device_name}
    GET /system/servers/{server_id}/network_interfaces/ethernet
    POST /system/servers/{server_id}/network_interfaces/ethernet/{device_name}
    GET /system/servers/{server_id}/system_time_settings
    POST /system/servers/{server_id}/system_time_settings
    GET /system/servers/{server_id}/timezones

    REST API V7.0 References
    Analytics endpoints

    GET /analytics/ade_rules
    GET /analytics/ade_rules/{id}

  • POST /analytics/ade_rules/{id}
    DELETE /analytics/ade_rules/{id}
    GET /analytics/ade_rules/{id}/dependents
    GET /analytics/ade_rules/ade_rule_delete_tasks/{task_id}
    GET /analytics/ade_rules/ade_rule_dependent_tasks/{task_id}
    POST /analytics/ade_rules/ade_rule_dependent_tasks/{task_id}
    GET /analytics/ade_rules/ade_rule_dependent_tasks/{task_id}/results
    GET /analytics/building_blocks
    GET /analytics/building_blocks/building_block_delete_tasks/{task_id}
    GET /analytics/building_blocks/building_block_dependent_tasks/{task_id}
    POST /analytics/building_blocks/building_block_dependent_tasks/{task_id}
    GET /analytics/building_blocks/building_block_dependent_tasks/{task_id}/results
    GET /analytics/building_blocks/{id}
    POST /analytics/building_blocks/{id}
    DELETE /analytics/building_blocks/{id}
    GET /analytics/building_blocks/{id}/dependents
    GET /analytics/custom_actions/actions
    POST /analytics/custom_actions/actions
    GET /analytics/custom_actions/actions/{action_id}
    POST /analytics/custom_actions/actions/{action_id}
    DELETE /analytics/custom_actions/actions/{action_id}
    GET /analytics/custom_actions/interpreters
    GET /analytics/custom_actions/interpreters/{interpreter_id}
    GET /analytics/custom_actions/scripts
    POST /analytics/custom_actions/scripts
    GET /analytics/custom_actions/scripts/{script_id}
    POST /analytics/custom_actions/scripts/{script_id}
    DELETE /analytics/custom_actions/scripts/{script_id}
    GET /analytics/rule_groups
    GET /analytics/rule_groups/{group_id}
    POST /analytics/rule_groups/{group_id}
    DELETE /analytics/rule_groups/{group_id}
    GET /analytics/rules
    GET /analytics/rules/rule_delete_tasks/{task_id}
    GET /analytics/rules/rule_dependent_tasks/{task_id}
    POST /analytics/rules/rule_dependent_tasks/{task_id}
    GET /analytics/rules/rule_dependent_tasks/{task_id}/results
    GET /analytics/rules/{id}
    POST /analytics/rules/{id}
    DELETE /analytics/rules/{id}
    GET /analytics/rules/{id}/dependents

    Ariel endpoints
    GET /ariel/databases
    GET /ariel/databases/{database_name}
    GET /ariel/event_saved_search_groups
    GET /ariel/event_saved_search_groups/{group_id}
    POST /ariel/event_saved_search_groups/{group_id}
    DELETE /ariel/event_saved_search_groups/{group_id}
    GET /ariel/flow_saved_search_groups
    GET /ariel/flow_saved_search_groups/{group_id}
    POST /ariel/flow_saved_search_groups/{group_id}
    DELETE /ariel/flow_saved_search_groups/{group_id}
    GET /ariel/saved_search_delete_tasks/{task_id}
    GET /ariel/saved_search_dependent_tasks/{task_id}
    POST /ariel/saved_search_dependent_tasks/{task_id}
    GET /ariel/saved_search_dependent_tasks/{task_id}/results
    GET /ariel/saved_searches
    GET /ariel/saved_searches/{id}
    POST /ariel/saved_searches/{id}
    DELETE /ariel/saved_searches/{id}
    GET /ariel/saved_searches/{id}/dependents

  • GET /ariel/searches
    POST /ariel/searches
    GET /ariel/searches/{search_id}
    POST /ariel/searches/{search_id}
    DELETE /ariel/searches/{search_id}
    GET /ariel/searches/{search_id}/results

    Asset model endpoints
    GET /asset_model/assets
    POST /asset_model/assets/{asset_id}
    GET /asset_model/properties
    GET /asset_model/saved_search_groups
    GET /asset_model/saved_search_groups/{group_id}
    POST /asset_model/saved_search_groups/{group_id}
    DELETE /asset_model/saved_search_groups/{group_id}
    GET /asset_model/saved_searches
    GET /asset_model/saved_searches/{saved_search_id}
    POST /asset_model/saved_searches/{saved_search_id}
    DELETE /asset_model/saved_searches/{saved_search_id}
    GET /asset_model/saved_searches/{saved_search_id}/results

    Authentication endpoints
    POST /auth/logout

    Configuration endpoints
    GET /config/access/tenant_management/tenants
    POST /config/access/tenant_management/tenants
    GET /config/access/tenant_management/tenants/{tenant_id}
    POST /config/access/tenant_management/tenants/{tenant_id}
    DELETE /config/access/tenant_management/tenants/{tenant_id}
    GET /config/domain_management/domains
    POST /config/domain_management/domains
    GET /config/domain_management/domains/{domain_id}
    POST /config/domain_management/domains/{domain_id}
    DELETE /config/domain_management/domains/{domain_id}
    GET /config/event_retention_buckets
    GET /config/event_retention_buckets/{id}
    POST /config/event_retention_buckets/{id}
    DELETE /config/event_retention_buckets/{id}
    GET /config/event_sources/custom_properties/property_expressions
    POST /config/event_sources/custom_properties/property_expressions
    GET /config/event_sources/custom_properties/property_expressions/{expression_id}
    POST /config/event_sources/custom_properties/property_expressions/{expression_id}
    DELETE /config/event_sources/custom_properties/property_expressions/{expression_id}
    GET /config/event_sources/custom_properties/regex_properties
    POST /config/event_sources/custom_properties/regex_properties
    GET /config/event_sources/custom_properties/regex_properties/{regex_property_id}
    POST /config/event_sources/custom_properties/regex_properties/{regex_property_id}
    DELETE /config/event_sources/custom_properties/regex_properties/{regex_property_id}
    GET /config/event_sources/custom_properties/regex_properties/{regex_property_id}/dependents
    GET /config/event_sources/custom_properties/regex_property_delete_tasks/{task_id}
    GET /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id}
    POST /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id}
    GET /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id}/results
    GET /config/extension_management/extensions
    POST /config/extension_management/extensions
    GET /config/extension_management/extensions/{extension_id}
    POST /config/extension_management/extensions/{extension_id}
    DELETE /config/extension_management/extensions/{extension_id}
    GET /config/extension_management/extensions_task_status/{status_id}
    GET /config/extension_management/extensions_task_status/{status_id}/results
    GET /config/flow_retention_buckets
    GET /config/flow_retention_buckets/{id}
    POST /config/flow_retention_buckets/{id}

  • DELETE /config/flow_retention_buckets/{id}
    GET /config/flow_sources/custom_properties/property_expressions
    POST /config/flow_sources/custom_properties/property_expressions
    GET /config/flow_sources/custom_properties/property_expressions/{expression_id}
    POST /config/flow_sources/custom_properties/property_expressions/{expression_id}
    DELETE /config/flow_sources/custom_properties/property_expressions/{expression_id}
    GET /config/flow_sources/custom_properties/regex_properties
    POST /config/flow_sources/custom_properties/regex_properties
    GET /config/flow_sources/custom_properties/regex_properties/{regex_property_id}
    POST /config/flow_sources/custom_properties/regex_properties/{regex_property_id}
    DELETE /config/flow_sources/custom_properties/regex_properties/{regex_property_id}
    GET /config/flow_sources/custom_properties/regex_properties/{regex_property_id}/dependents
    GET /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id}
    POST /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id}
    GET /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id}/results
    GET /config/global_system_notifications
    GET /config/global_system_notifications/{notification_id}
    GET /config/network_hierarchy/networks
    GET /config/network_hierarchy/staged_networks
    PUT /config/network_hierarchy/staged_networks
    GET /config/resource_restrictions
    POST /config/resource_restrictions
    GET /config/resource_restrictions/{resource_restriction_id}
    DELETE /config/resource_restrictions/{resource_restriction_id}
    PUT /config/resource_restrictions/{resource_restriction_id}
    GET /config/store_and_forward/policies
    GET /config/store_and_forward/policies/{id}
    POST /config/store_and_forward/policies/{id}
    DELETE /config/store_and_forward/policies/{id}

    Data classification endpoints
    GET /data_classification/dsm_event_mappings
    POST /data_classification/dsm_event_mappings
    GET /data_classification/dsm_event_mappings/{dsm_event_mapping_id}
    POST /data_classification/dsm_event_mappings/{dsm_event_mapping_id}
    GET /data_classification/high_level_categories
    GET /data_classification/high_level_categories/{high_level_category_id}
    GET /data_classification/low_level_categories
    GET /data_classification/low_level_categories/{low_level_category_id}
    GET /data_classification/qid_records
    POST /data_classification/qid_records
    GET /data_classification/qid_records/{qid_record_id}
    POST /data_classification/qid_records/{qid_record_id}

    Forensics endpoints
    GET /forensics/capture/recoveries
    POST /forensics/capture/recoveries
    GET /forensics/capture/recoveries/{id}
    GET /forensics/capture/recovery_tasks
    GET /forensics/capture/recovery_tasks/{id}
    GET /forensics/case_management/case_create_tasks/{id}
    GET /forensics/case_management/cases
    POST /forensics/case_management/cases
    GET /forensics/case_management/cases/{id}

    GUI application framework endpoints
    GET /gui_app_framework/application_creation_task
    POST /gui_app_framework/application_creation_task
    GET /gui_app_framework/application_creation_task/{application_id}
    POST /gui_app_framework/application_creation_task/{application_id}
    GET /gui_app_framework/applications
    GET /gui_app_framework/applications/{application_id}
    POST /gui_app_framework/applications/{application_id}
    PUT /gui_app_framework/applications/{application_id}

  • DELETE /gui_app_framework/applications/{application_id}
    Help endpoints

    GET /help/endpoints
    GET /help/endpoints/{endpoint_id}
    GET /help/resources
    GET /help/resources/{resource_id}
    GET /help/versions
    GET /help/versions/{version_id}

    IBM Security QRadar Risk Manager endpoints
    GET /qrm/model_groups
    GET /qrm/model_groups/{group_id}
    POST /qrm/model_groups/{group_id}
    DELETE /qrm/model_groups/{group_id}
    GET /qrm/qrm_saved_search_groups
    GET /qrm/qrm_saved_search_groups/{group_id}
    POST /qrm/qrm_saved_search_groups/{group_id}