IBM Support

QRadar EDR (formerly ReaQta): How to get the Endpoint ID for ReaQta Endpoints

How To


Summary

This article covers the steps get the endpoint IDs of QRadar EDR (formerly ReaQta) Endpoints.

Objective

As of now, there are two ways by which we can fetch the endpoint ID of ReaQta Endpoints:
  1. ReaQta Dashboard URL
  2. GET /1/endpoints API

Steps

ReaQta Dashboard URL:

  1. From the ReaQta Dashboard home page, click the Endpoints tab.
  2. Click the required endpoint from the list of endpoints in Endpoints tab.
  3. Click View Endpoint from the Endpoint Details pane.
    1. image-20220719162429-3
  4. It opens up the Endpoint details page for the specific endpoint. The URL for the Endpoint details page looks as following and consists of the endpoint ID of the specific endpoint.
    1. https://<Hive Server IP>/endpoints/<Endpoint ID>

GET /1/endpoints API:

  1. You can fetch the endpoint ID of all ReaQta endpoints from the result of GET /1/endpoints API request.
  2. Request URL: GET https://<ReaQta Dashboard URL>/rqt-api/1/endpoints
  3. Response: 
    {
  "result": [
    {
      "id": "string",
      "machineId": "string",
      "osType": "0",
      "cpuVendor": "0",
      "arch": "0",
      "cpuDescr": "string",
      "kernel": "string",
      "os": "string",
      "name": "string",
      "domain": "string",
      "state": "0",
      "registrationTime": "string",
      "deregistrationTime": "string",
      "agentVersion": "string",
      "componentsVersions": [
        {
          "name": "string",
          "version": "string",
          "build": "string"
        }
      ],
      "isVirtualMachine": true,
      "isDomainController": true,
      "isServer": true,
      "sessionStart": "string",
      "sessionEnd": "string",
      "lastSeenAt": "string",
      "disconnectionReason": "0",
      "localAddr": "string",
      "hvStatus": 0,
      "macs": [
        "string"
      ],
      "isolated": true,
      "connected": true,
      "tags": [
        "string"
      ],
      "groups": [
        {
          "id": "string",
          "name": "string",
          "description": "string",
          "parentGroupId": "string"
        }
      ],
      "avInstalled": true,
      "avOnline": true,
      "avDbLatestUpdateTime": 0,
      "avDbSignaturesNum": 0,
      "avAgentVersion": "string"
    }
  ],
  "nextPage": "string",
  "remainingItems": 0
}
Note: From the API response, "id" is the Endpoint ID of the endpoints. You can match "id" with the "name" to get the endpoint ID of a particular endpoint.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSVOEH","label":"IBM Security ReaQta"},"ARM Category":[{"code":"a8m3p000000hBSAAA2","label":"Administrative Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Product Synonym

ReaQta

Document Information

Modified date:
17 May 2023

UID

ibm16605337

Page Feedback