WorkflowParams.xml
Use the following XML to populate the Workflow Parameter Values field in the Universal Cloud REST API log source protocol parameters section.
- Click the Copy to clipboard icon at the upper right of the code block, and then paste the content to a text file so that you can edit the values.
- Replace the values for the following parameters with your own values.
  Tip:
  - Remove the angle brackets when you replace the example text with your own values.
  - You don't need to include the https:// protocol.

| Parameter | Description |
| --- | --- |
| `<hostname/ip-address>` | Replace `<hostname/ip-address>` with the hostname or IP address of the QRadar® App Host (or QRadar Console if the app is running on the console). |
| `<your-auth-service-token>` | Replace `<your-auth-service-token>` with the Authorized Service Token that you obtained in step 3e in Creating an authorized service token. |
| `<query_type>` | Replace `<query_type>` with either "advanced_query" or "minimal_query". This parameter is optional. The "advanced_query" type retrieves all properties for each event and flow that is associated with offenses. The "minimal_query" type retrieves a minimal subset of properties. To reduce the size of the offense data received from the API, use "minimal_query". |

- Copy the updated content into the Workflow Parameter Values field.

```xml
<?xml version="1.0" encoding="UTF-8" ?>
<WorkflowParameterValues xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/WorkflowParameterValues/V2">
    <Value name="host" value="<hostname/ip-address>" />
    <Value name="auth_token" value="<your-auth-service-token>" />
    <Value name="query_type" value="<'advanced_query' or 'minimal_query'>" />
</WorkflowParameterValues>
```
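
Before pasting the edited content into the Workflow Parameter Values field, the rules above (no leftover angle brackets, no https:// prefix, a valid optional query type) can be checked with a short script. This is an added example, not IBM code; the function name `check_workflow_params` and the sample host and token values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://qradar.ibm.com/UniversalCloudRESTAPI/WorkflowParameterValues/V2}"
QUERY_TYPES = {"advanced_query", "minimal_query"}

# Constructed sample values; the host and token below are placeholders, not real ones.
FILLED_IN = """<?xml version="1.0" encoding="UTF-8" ?>
<WorkflowParameterValues xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/WorkflowParameterValues/V2">
    <Value name="host" value="apphost.example.com" />
    <Value name="auth_token" value="EXAMPLE-TOKEN-0000" />
    <Value name="query_type" value="minimal_query" />
</WorkflowParameterValues>"""
# The same document with one placeholder left as it appears in the template.
UNEDITED = FILLED_IN.replace("apphost.example.com", "<hostname/ip-address>")


def check_workflow_params(xml_text):
    """Return a list of problems; an empty list means the values follow the rules above."""
    try:
        root = ET.fromstring(xml_text.strip().encode("utf-8"))
    except ET.ParseError as exc:
        # A value that still contains < or > is not well-formed XML.
        return [f"not well-formed XML, check for leftover angle brackets: {exc}"]
    if root.tag != NS + "WorkflowParameterValues":
        return [f"unexpected root element {root.tag}"]
    values = {v.get("name"): (v.get("value") or "").strip() for v in root.findall(NS + "Value")}
    problems = []
    host = values.get("host", "")
    if not host:
        problems.append("host is missing or empty")
    elif "://" in host:
        problems.append("host must not include a protocol such as https://")
    elif "/" in host:
        problems.append("host must be a hostname or IP address, not a URL path")
    if not values.get("auth_token"):
        problems.append("auth_token is missing or empty")
    # query_type is optional; when present it must be one of the two documented types.
    query_type = values.get("query_type")
    if query_type is not None and query_type not in QUERY_TYPES:
        problems.append("query_type must be advanced_query or minimal_query")
    return problems


if __name__ == "__main__":
    for label, doc in (("filled in", FILLED_IN), ("unedited", UNEDITED)):
        print(label, check_workflow_params(doc) or "OK")
```

The script reports problems by parameter name only and never prints the token value.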