IBM Support

QRadar: How to export and import the network hierarchy information using the QRadar API

How To


Summary

This article describes, step by step, how to export or import the network hierarchy information with the QRadar API.

Steps

Exporting the Network Hierarchy

The network hierarchy can be exported through the Interactive API for Developers (GUI) or CLI, and the information is only available in JSON format.

From the Graphical Interface (GUI):

  1. Navigate to https://<Console IP>/api_doc and open the Interactive API for Developers.
  2. Go to config, select network_hierarchy, then networks:

  3. In the right pane, scroll down and click Try it Out!
From the command line (CLI):
The cURL command is used to export the network hierarchy from the command line. To run this command, the administrator needs to generate an access token first, or use an existing one with admin rights.
Use these commands to export the network hierarchy:
mkdir -p /store/IBM_Support/
curl -S -X GET -H 'Version: <latest_API_version>' -H 'SEC:fa7cb8f5-3950-XXXX-XXXX-XXXXXXXXXXXX' -H 'Accept: application/json' 'https://<Console IP>/api/config/network_hierarchy/networks' >> /store/IBM_Support/hierarchy_export.json
  • Version: The current QRadar API version. Use the version that matches the QRadar environment in use.
  • SEC: The SEC header contains the security token.
  • >> /store/IBM_Support/hierarchy_export.json: Sends the output to a file named hierarchy_export.json located in the path /store/IBM_Support/.

Importing the Network Hierarchy

Note: The entire hierarchy must be imported at once. The command overrides the existing configuration every time it is executed.

To import a backup made with the instructions in the Exporting the Network Hierarchy section of this article, run this command:

curl -S -X PUT -H 'Content-Type: application/json' -H 'Version: <latest_API_version>' -H 'SEC: fa7cb8f5-3950-XXXX-XXXX-XXXXXXXXXXXX' -H 'Accept: application/json' --data-binary @</PATH/TO/FILE> 'https://<Console IP>/api/config/network_hierarchy/staged_networks'

Example:
curl -S -X PUT -H 'Content-Type: application/json' -H 'Version: 15.1' -H 'SEC: fa7cb8f5-3950-XXXX-XXXX-XXXXXXXXXXXX' -H 'Accept: application/json' --data-binary @/store/IBM_Support/hierarchy_export.json 'https://<Console IP>/api/config/network_hierarchy/staged_networks'
  • Version: The current QRadar API version. Use the version that matches the QRadar environment in use.
  • --data-binary: References the file that contains the network hierarchy information.
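
Because the import overrides the existing configuration and the export command appends to its output file with >>, it helps to check the backup file before sending it. The following Python check is an added example, not part of the IBM article; the "name" and "cidr" keys are assumptions about the exported objects, and the sample data is constructed.

```python
import ipaddress
import json
import sys

# Assumption: every exported network is an object with "name" and "cidr" keys.
# The article does not list the fields; adjust to match your own export.
REQUIRED_KEYS = ("name", "cidr")

# Constructed sample data, not taken from a real deployment.
SAMPLE = ('[{"name": "DMZ", "group": "Perimeter", "cidr": "192.0.2.0/24"},'
          ' {"name": "Servers", "group": "Internal", "cidr": "10.10.0.0/16"}]')


def check_export(text):
    """Return a list of problems in an exported hierarchy; empty means usable."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        # A second export appended by '>>' shows up here as "Extra data".
        return [f"not a single JSON document: {exc.msg} (char {exc.pos})"]
    if not isinstance(data, list):
        # For example an error object written to the file instead of the list.
        return ["top-level value is not a JSON array"]
    if not data:
        return ["array contains no networks"]
    problems = []
    for i, net in enumerate(data):
        if not isinstance(net, dict):
            problems.append(f"entry {i}: not a JSON object")
            continue
        missing = [k for k in REQUIRED_KEYS if k not in net]
        if missing:
            problems.append(f"entry {i}: missing {', '.join(missing)}")
            continue
        cidr = net["cidr"]
        try:
            if not isinstance(cidr, str):
                raise ValueError("cidr is not a string")
            ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            problems.append(f"entry {i} ({net['name']}): invalid cidr {cidr!r}")
    return problems


if __name__ == "__main__":
    # Usage: python3 check_export.py /store/IBM_Support/hierarchy_export.json
    with open(sys.argv[1], encoding="utf-8") as fh:
        found = check_export(fh.read())
    print("\n".join(found) if found else "export looks usable")
    sys.exit(1 if found else 0)
```

The script exits non-zero when it finds a problem, so it can gate the PUT request in a wrapper script.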

Document Location

Worldwide


Document Information

Modified date:
18 April 2022

UID

ibm16568805