Пример сценария рабочего потока API

Используйте сценарий в этом примере, чтобы скачать отчет Use Case Explorer в формате CSV.

Важное замечание: Из-за проблем форматирования вставьте сценарий в текстовый редактор, а затем удалите все символы возврата каретки или перевода строки.

Можно заменить код фильтра на другие сведения о фильтре. В следующей строке замените выделенную полужирным информацию на содержимое другого фильтра, описанное в разделе Фильтры Use Case Explorer.


--data-raw '{"filters": [{"name":"rule","type":"ATTRIBUTE","recursive":true,"matchCriteria":"PARTIAL","values":[true],"attributeName":"",valueType":"EXCLUSIVE_COMMON"}],"columns":["N","GR","RC","T","RO","EN","RE","CD","MD"]}'

/* Begin by initiating the report generation with POST/api/use_case_explorer. */ 
curl --user admin --location --request POST 'https://{qradar ip}/console/plugins/{UCM App ID}/app_proxy/api/use_case_explorer' \
--header 'Content-Type: application/json' \
--data-raw '{"filters":[{"name":"rule","type":"ATTRIBUTE","recursive":true,"matchCriteria":"PARTIAL","values":[true],"attributeName":"",valueType":"EXCLUSIVE_COMMON"}],"columns":["N","GR","RC","T","RO","EN","RE","CD","MD"]}'

/* Return the current status of report generation from POST/api/use_case_explorer by calling GET /api/use_case_explorer/{reportId}/status. */
curl --user admin --location --request GET 'https://{qradar ip}/console/plugins/{UCM App ID}/app_proxy/api/use_case_explorer/{report id}/status' \
--header 'Cookie: csrfToken=DG0pShPY-Ks59qGwW_nraLhvdl1zzyQua9Tg;

/* To download the report in CSV format, once GET /api/use_case_explorer/{reportId}/status
 returns a status of COMPLETED, use POST /api/use_case_explorer/{reportId}/download_csv
 to initiate the job to generate a CSV report */
curl --user admin --location --request POST 'https://{qradar ip}/console/plugins/{UCM App ID}/app_proxy/api/use_case_explorer/{report id}/download_csv' \
--header 'Content-Type: application/json' \
--data-raw '{"columns":"N,GR,RC,T,RO,EN,RE,CD,MD"}'

/* Return the current status of CSV report generation from POST /api/use_case_explorer/{reportId}/download_csv by calling GET /api/use_case_explorer/download_csv/{jobId}/status */
curl --user admin --location --request GET 'https://{qradar ip}/console/plugins/{UCM App ID}/app_proxy/api/use_case_explorer/download_csv/{download csv job id}/status' \
--header 'Content-Type: application/json' \
--data-raw '{"columns":"N,GR,RC,T,RO,EN,RE,CD,MD"}'

/* Finally, when GET /api/use_case_explorer/download_csv/{jobId}/status
 returns a status of COMPLETED, call GET /api/use_case_explorer/download_csv/{jobId}/result
 to download your generated report in CSV file format */
curl --user admin --location --request GET 'https://{qradar ip}/console/plugins/{UCM App ID}/app_proxy/api/use_case_explorer/download_csv/{download csv job id}/result?csvName=test.csv' \
--header 'Content-Type: application/json' \
--data-raw '{"columns":"N,GR,RC,T,RO,EN,RE,CD,MD"}'