Universal Cloud REST API protocol

The Universal Cloud REST API protocol is an outbound, active protocol for IBM® QRadar®. You can customize the Universal Cloud REST API protocol to collect events from a variety of REST APIs, including data sources for which there is no specific DSM or protocol.

The Universal Cloud REST API protocol behavior is defined by a workflow XML document. You can create your own XML document, or you can get one from IBM Fix Central or from third parties on GitHub.

Important: The Universal Cloud REST API protocol is supported on QRadar 7.3.2 or later, and you must have the QRadar Log Source Management app installed. For information on how to install the app, see Installing the QRadar Log Source Management app.

For Universal Cloud REST API protocol examples, see GitHub samples (https://github.com/ibm-security-intelligence/IBM-QRadar-Universal-Cloud-REST-API).

Important: IBM supports only the workflows that are available on Fix Central, and those that are directly referenced in the DSM Configuration Guide. The workflows on GitHub can be used as educational resources but are not supported by IBM.

The following table describes the protocol-specific parameters for the Universal Cloud REST API protocol.

Table 1. Universal Cloud REST API protocol parameters
| Parameter | Description |
| --- | --- |
| Workflow | The XML document that defines how the protocol instance collects events from the target API. For more information, see Workflow. |
| Workflow Parameter Values | The XML document that contains the parameter values used directly by the Workflow. For more information, see Workflow Parameter Values. |
| Allow Untrusted Server Certificates | Indicates whether untrusted server certificates are allowed. |
| Use Proxy | If the API is accessed by using a proxy, select this checkbox. If the proxy requires authentication, configure the Proxy Server, Proxy Port, Proxy Username, and Proxy Password fields. If the proxy does not require authentication, configure the Proxy Server and Proxy Port fields. |
| Proxy IP or Hostname | The IP address or host name of the proxy server. If the Use Proxy parameter is set to False, this option is hidden. |
| Proxy Port | The port number used to communicate with the proxy. The default port number is 8080. If the Use Proxy parameter is set to False, this option is hidden. |
| Proxy Username | Required only when the proxy requires authentication. If the Use Proxy parameter is set to False, this option is hidden. |
| Proxy Password | Required only when the proxy requires authentication. If the Use Proxy parameter is set to False, this option is hidden. |
| Recurrence | The time interval between each execution of the workflow. The time interval can be in hours (H), minutes (M), or days (D). The default is 10 minutes. |
| EPS Throttle | The upper limit for the maximum number of events per second (EPS). The default is 5000. |