IBM Support

QRadar: How to find a rule's UUID with REST API

How To


Each custom rule in QRadar has a unique universal identifier (UUID) which is used to identify the rule. The UUID is useful to connect original system rules with their corresponding override records. The UUID can be found through the REST API.


  1. Log in to the QRadar UI.
  2. Click the menu on top of the Dashboard tab, then select Interactive API for Developers. For more information on accessing the API through the GUI, follow the document Accessing the interactive API documentation page - IBM Documentation.
  3. In the REST API UI, select analytics > rules.
  4. Set the filter value string to name = "rule_name"
    Set the fields value string to list the fields you want in the query result (such as name and identifier), as shown in the screen capture.
    how to set the parameter in analytics>rules api
  5. Click Try It Out.

    The rule UUID is shown as the "identifier" field in the JSON output returned by the API.

Document Location


[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSV4BL","label":"IBM QRadar"},"ARM Category":[{"code":"a8m0z000000cwtrAAA","label":"Rules"}],"ARM Case Number":"TS010047827","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
12 December 2022