Modify an existing user-defined IBM
QRadar Identifier (QID) map
entry.
About this task
Restriction:
The qidmap_cli script cannot interact with QID entries that are associated
with a specific custom Log Source Type. QRadar has public APIs that can
interact with QIDs in this range. The API is used as the supported mechanism for the operation. The
QID map API is at /data_classification/qid_records. The API supports the GET,
CREATE, and UPDATE functions. It does not support the DELETE function.
Procedure
-
Using SSH, log in to QRadar as the root user.
-
Type the following command:
qidmap_cli.sh -m --qid<QID> --qname <name> --qdescription <description>
--severity <severity>
The
following table describes the command-line options for the QID map
utility:
| Options |
Description |
| -m |
Modifies an existing user-defined QID map entry. |
| --qid <QID> |
The QID that you want to modify. |
| --qname <name> |
The name that you want to associate with this QID map entry.
The name can be up to 255 characters in
length with no spaces. |
| --qdescription <description> |
The description for this QID map entry. The description can
be up to 2048 characters in length with
no spaces. |
| --severity <severity> |
The severity level that you want to assign to this QID map
entry. The valid range is 0 - 10. |