Accessing report data by using APIs

As an alternative to using the interface in IBM® QRadar® Use Case Manager, you can use APIs to interact with the data. Use the interactive API documentation interface to test the APIs before you use them.

About this task

The following public APIs are available for use:
  • Use Case Explorer: Generate and download report data in CSV or JSON formats.
  • Log Source Coverage: Get information about rule-log source type activity and coverage.
  • MITRE Endpoints: Get information about rule mappings. Create custom adversary groups and map them to existing tactics and techniques. Upload custom MITRE group-technique files.
    Tip: Make sure that the mapping file is in JSON format and contains the following data format: 
    { "Technique_ID_1": ["group1"], "Technique_ID_2": ["group1", "group2"] }

    Each time you upload a custom mapping file, the previous file is replaced.

  • Tuning Findings: Get information about tuning findings.

Procedure

  1. From the Admin tab, click Apps > QRadar Use Case Manager > API Docs.
  2. Select an endpoint and click Try it out.
  3. Click Execute to send the API request to your console and receive a properly formatted HTTPS response.
  4. Review and gather the information that you need to integrate with QRadar.