Each custom rule in QRadar has a unique universal identifier (UUID) which is used to identify the rule. The UUID is useful to connect original system rules with their corresponding override records. The UUID can be found through the REST API.
- Log in to the QRadar UI.
- Click the menu on top of the Dashboard tab, then select Interactive API for Developers. For more information on accessing the API through the GUI, follow the document Accessing the interactive API documentation page - IBM Documentation.
- In the REST API UI, select analytics > rules.
- Set the filter value string to
name = "rule_name"
Set the fields value string to list the fields you want in the query result (such as name and identifier), as shown in the screen capture.
- Click Try It Out.
The rule UUID is shown as the "identifier" field in the JSON output returned by the API.
Was this topic helpful?
12 December 2022