Creating reference data collections with the APIs
You can use the application program interface (API) to manage IBM® QRadar® reference data collections.
Procedure
- Use a web browser to access https://<Console IP>/api_doc and log in as the administrator.
- Select the latest iteration of the IBM QRadar API.
- Select the /reference_data directory.
- To create a new reference set, follow these steps:
  - Select /sets.
  - Click POST and enter the relevant information in the Value fields.

    Learn more about the parameters to create a reference set:
    The following table provides information about the parameters that are required to create a reference set:

    Table 1. Parameters - Reference Set

    | Parameter | Type | Value | Data Type | MIME Type | Sample |
    |---|---|---|---|---|---|
    | element_type | query | (required) | String | text/plain | String <one of: ALN, NUM, IP, PORT, ALNIC, DATE, CIDR> |
    | name | query | (required) | String | text/plain | String |
    | fields | query | (optional) | String | text/plain | field_one (field_two, field_three), field_four |
    | time_to_live | query | (optional) | String | text/plain | String |
    | timeout_type | query | (optional) | String | text/plain | String <one of: UNKNOWN, FIRST_SEEN, LAST_SEEN> |
  - Click Try It Out! to finish creating the reference data collection and to view the results.
- To create a new reference map, follow these steps:
  - Click /maps.
  - Click POST and enter the relevant information in the Value fields.

    Learn more about the parameters to create a reference map:
    The following table provides information about the parameters that are required to create a reference map:

    Table 2. Parameters - Reference Map

    | Parameter | Type | Value | Data Type | MIME Type | Sample |
    |---|---|---|---|---|---|
    | element_type | query | (required) | String | text/plain | String <one of: ALN, NUM, IP, PORT, ALNIC, DATE, CIDR> |
    | name | query | (required) | String | text/plain | String |
    | fields | query | (optional) | String | text/plain | field_one (field_two, field_three), field_four |
    | key_label | query | (optional) | String | text/plain | String |
    | time_to_live | query | (optional) | String | text/plain | String |
    | timeout_type | query | (optional) | String | text/plain | String <one of: UNKNOWN, FIRST_SEEN, LAST_SEEN> |
    | value_label | query | (optional) | String | text/plain | String |
  - Click Try It Out! to finish creating the reference data collection and to view the results.
- To create a new reference map of sets, follow these steps:
  - Select /map_of_sets.
  - Click POST and enter the relevant information in the Value fields.

    Learn more about the parameters to create a reference map of sets:
    The following table provides information about the parameters that are required to create a reference map of sets:

    Table 3. Parameters - Reference Map of Sets

    | Parameter | Type | Value | Data Type | MIME Type | Sample |
    |---|---|---|---|---|---|
    | element_type | query | (required) | String | text/plain | String <one of: ALN, NUM, IP, PORT, ALNIC, DATE, CIDR> |
    | name | query | (required) | String | text/plain | String |
    | fields | query | (optional) | String | text/plain | field_one (field_two, field_three), field_four |
    | key_label | query | (optional) | String | text/plain | String |
    | time_to_live | query | (optional) | String | text/plain | String |
    | timeout_type | query | (optional) | String | text/plain | String <one of: UNKNOWN, FIRST_SEEN, LAST_SEEN> |
    | value_label | query | (optional) | String | text/plain | String |
  - Click Try It Out! to finish creating the reference data collection and to view the results.
- To create a new reference table or map of maps, follow these steps:
  - Click /tables.
  - Click POST and enter the relevant information in the Value fields.

    Learn more about the parameters to create a reference table or a map of maps:
    The following table provides information about the parameters that are required to create a reference table or a map of maps:

    Table 4. Parameters - Reference Table

    | Parameter | Type | Value | Data Type | MIME Type | Sample |
    |---|---|---|---|---|---|
    | element_type | query | (required) | String | text/plain | String <one of: ALN, NUM, IP, PORT, ALNIC, DATE, CIDR> |
    | name | query | (required) | String | text/plain | String |
    | fields | query | (optional) | String | text/plain | field_one (field_two, field_three), field_four |
    | key_name_types | query | (optional) | Array | application/json | [ { "element_type": "String <one of: ALN, NUM, IP, PORT, ALNIC, DATE, CIDR>", "key_name": "String" }] |
    | outer_key_label | query | (optional) | String | text/plain | String |
    | time_to_live | query | (optional) | String | text/plain | String |
    | timeout_type | query | (optional) | String | text/plain | String <one of: UNKNOWN, FIRST_SEEN, LAST_SEEN> |
  - Click Try It Out! to finish creating the reference data collection and to view the results.
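
A scripted counterpart to the Try It Out! steps, as an added example that is not IBM's code: it checks the parameters against Tables 1 to 4 and builds the POST request without sending it. The `/api/reference_data/<kind>` path, the `SEC` authorized-service-token header, the host name, the token and the `7 days` value are assumptions or constructed placeholders, not values from this page.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request

# Allowed values and parameter names, taken from Tables 1-4 above.
ELEMENT_TYPES = {"ALN", "NUM", "IP", "PORT", "ALNIC", "DATE", "CIDR"}
TIMEOUT_TYPES = {"UNKNOWN", "FIRST_SEEN", "LAST_SEEN"}
COMMON = {"element_type", "name", "fields", "time_to_live", "timeout_type"}
# Optional parameters each endpoint accepts in addition to COMMON.
EXTRA = {
    "sets": set(),
    "maps": {"key_label", "value_label"},
    "map_of_sets": {"key_label", "value_label"},
    "tables": {"key_name_types", "outer_key_label"},
}


def build_create_request(console, token, kind, **params):
    """Return an unsent POST Request that would create a reference data collection.

    Assumptions (not stated on this page): the endpoints live under
    /api/reference_data/ and the token is passed in a SEC header.
    """
    if kind not in EXTRA:
        raise ValueError(f"unknown collection kind: {kind}")
    unknown = set(params) - COMMON - EXTRA[kind]
    if unknown:
        raise ValueError(f"/{kind} does not accept: {sorted(unknown)}")
    for required in ("element_type", "name"):
        if not params.get(required):
            raise ValueError(f"{required} is required")
    if params["element_type"] not in ELEMENT_TYPES:
        raise ValueError(f"bad element_type: {params['element_type']}")
    if "timeout_type" in params and params["timeout_type"] not in TIMEOUT_TYPES:
        raise ValueError(f"bad timeout_type: {params['timeout_type']}")
    for entry in params.get("key_name_types", []):
        if entry.get("element_type") not in ELEMENT_TYPES or not entry.get("key_name"):
            raise ValueError(f"bad key_name_types entry: {entry}")
    # key_name_types is the only application/json parameter; the rest are text/plain.
    query = {k: json.dumps(v) if k == "key_name_types" else v for k, v in params.items()}
    url = f"https://{console}/api/reference_data/{kind}?{urlencode(query)}"
    return Request(url, method="POST", headers={"SEC": token, "Accept": "application/json"})


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    req = build_create_request("qradar.example.test", "PLACEHOLDER-TOKEN", "sets",
                               name="blocked_ips", element_type="IP",
                               time_to_live="7 days", timeout_type="LAST_SEEN")
    print(req.get_method(), req.full_url)
```

Passing the returned object to `urllib.request.urlopen` would submit it; keep TLS certificate verification enabled when doing so.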