WorkflowParams.xml

Use the following xml to populate the Workflow Parameter Values field in the Universal Cloud REST API log source protocol parameters section.

  1. Click the Copy to clipboard icon at the upper right of the code block, and then paste the content to a text file so that you can edit the values.
  2. Replace the values for the following parameters with your own values.
    Tip:
    • Remove the angle brackets when you replace the example text with your own values.
    • You don't need to include the https:// protocol.
    Parameter Description
    <hostname/ip-address> Replace <hostname/ip-address> with the hostname or IP address of the QRadar® App Host (or QRadar Console if the app is running on the console).
    <your-auth-service-token> Replace <your-auth-service-token> with the Authorized Service Token that you obtained in step 3e in Creating an authorized service token.
    <query_type> Replace <query_type> with either "advanced_query" or "minimal_query".

    This parameter is optional. The "advanced_query" type retrieves all properties for each event and flow that is associated with offenses. The "minimal_query" type retrieves a minimal subset of properties. To reduce the size of the offense data received from the API, use "minimal_query".

  3. Copy the updated content into the Workflow Parameter Values field.
    <?xml version="1.0" encoding="UTF-8" ?>
    <WorkflowParameterValues xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/WorkflowParameterValues/V2">
        <Value name="host" value="<hostname/ip-address>" />
        <Value name="auth_token" value="<your-auth-service-token>" />
        <Value name="query_type" value="<'advanced_query' or 'minimal_query'>" />
    </WorkflowParameterValues>