In QRadar 7.2 MR1, a framework was added to help make HTTPS queries easy for API developers through the implementation of a user interface for the API. This API framework allows customers to input information, click test, and receive properly formatted HTTPS URL, expected responses, header information, error information, schema information, and more for the input format for your put, get, post, or delete commands. The over all goal is to provide an API and a framework that helps administrators/programmers understand how to work with the API.
How to access the API:
Access to the API requires authentication. QRadar admin accounts should automatically have the user role for the API enabled.
To access the QRadar Restful API, you can type the following URL in to your browser:
This URL prompts the user to verify the security credentials for the site and to authenticate as a QRadar users. A user account is required to access the QRadar API.
What should I see after I log in?
After you log in, the API options displayed can depend on the products you have licensed. As QRadar and QRadar Vulnerability Manager have API implementations.
- QRadar provides a /referencedata, /auth, and /help. These menus are expandable and display the get, post, and delete commands.
- QRadar Vulnerability Manager provides /qvm and /scanner. These menus allow you to query QRadar Vulnerability Manager for data or put data in QVM to update remediation for an assigned vulnerability. The /scanner API provides administrators a way to work with scan profiles through the API.
The goal of this forum is to provide information and knowledge to assist administrators with QRadar API questions.