Public API documentation for UBA

You can gather information from the UBA database with the public API documentation. Each endpoint targets certain users and returns data about them. All responses are in JSON syntax. These APIs rarely change. You can use the APIs to gather a snapshot of a user at a particular time to compare to a later date.

Required information

  • SEC Token with UBA capabilities referred to as SEC_TOKEN
  • UBA App ID referred to as UBA_APP_ID
  • QRadar® Console IP address, if scripts are not run locally, referred to as QR_IP_ADDRESS