How To
Summary
Each custom rule in QRadar has a unique universal identifier (UUID) which is used to identify the rule. The UUID is useful to connect original system rules with their corresponding override records. The UUID can be found through the REST API.
Steps
- Log in to the QRadar UI.
- Click the menu on top of the Dashboard tab, then select Interactive API for Developers. For more information on accessing the API through the GUI, follow the document Accessing the interactive API documentation page - IBM Documentation.
- In the REST API UI, select analytics > rules.
- Set the filter value string to
name = "rule_name"
Set the fields value string to list the fields you want in the query result (such as name and identifier), as shown in the screen capture.
- Click Try It Out.
Results
The rule UUID is shown as the "identifier" field in the JSON output returned by the API.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSV4BL","label":"IBM QRadar"},"ARM Category":[{"code":"a8m0z000000cwtrAAA","label":"Rules"}],"ARM Case Number":"TS010047827","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
12 December 2022
UID
ibm16831009