Friday, January 15, 2016

QRadar SIEM API call for Offenses Assigned to User

If interested, I wrote a simple Python script, saved on GitHub, that queries the QRadar SIEM REST API for the offenses assigned to a specific user. If you missed it, I recently posted a 101 walk-through on how to get your API calls working. The script is just a variation of the default samples IBM provides on their GitHub.

After you have the default sample API calls working, download my Python script assigned_to.py and put it in the same folder. Then run it as follows.

# Offenses Assigned to Myself
> offenses/assigned_to.py -u MYUSERID

id:128 [MYUSERID] SrcIP=66.66.220.109
id:127 [MYUSERID] SrcIP=172.16.17.2
id:126 [MYUSERID] DstIP=61.61.61.33
id:125 [MYUSERID] DstIP=61.61.61.57
id:124 [MYUSERID] DstIP=10.0.0.2

# Offenses Not assigned to anybody yet
> offenses/assigned_to.py -u UNASSIGNED

id:133 [ ] SrcIP=190.190.117.177
id:132 [ ] User =USER22
id:131 [ ] SrcIP=66.66.103.118
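Below is an added, self-contained example that is not the script from this post or IBM's sample code; it shows the pieces such a script needs: building the `assigned_to` filter for the `/api/siem/offenses` endpoint (the filter syntax and the `offense_type` label mapping are assumptions), formatting each offense as an `id:N [user] field=value` line like the output above, and reading the SEC token from an environment variable rather than hard-coding it. With no console configured it runs against constructed sample offenses, so it works offline.

```python
import argparse
import json
import os
import urllib.parse
import urllib.request

# Constructed sample offenses in the shape of a /api/siem/offenses response
# (only the fields used below). Not real data.
SAMPLE_OFFENSES = [
    {"id": 128, "assigned_to": "MYUSERID", "offense_type": 0, "offense_source": "66.66.220.109"},
    {"id": 127, "assigned_to": "MYUSERID", "offense_type": 0, "offense_source": "172.16.17.2"},
    {"id": 126, "assigned_to": "MYUSERID", "offense_type": 1, "offense_source": "61.61.61.33"},
    {"id": 133, "assigned_to": None, "offense_type": 0, "offense_source": "190.190.117.177"},
    {"id": 132, "assigned_to": None, "offense_type": 3, "offense_source": "USER22"},
]

# Assumed mapping of QRadar offense_type codes to the label printed per line;
# unknown codes fall back to "TypeN" instead of failing.
OFFENSE_TYPE_LABELS = {0: "SrcIP", 1: "DstIP", 3: "User"}


def build_filter(user):
    """Server-side filter expression for the offenses endpoint (syntax assumed).
    The special user name UNASSIGNED selects offenses with no assignee."""
    if user == "UNASSIGNED":
        return "assigned_to is null"
    # a double quote would let the argument alter the filter expression
    if '"' in user:
        raise ValueError("user name must not contain double quotes")
    return 'assigned_to = "%s"' % user


def select_offenses(offenses, user):
    """Offline equivalent of build_filter(), applied to already-fetched offenses."""
    if user == "UNASSIGNED":
        return [o for o in offenses if not o.get("assigned_to")]
    return [o for o in offenses if o.get("assigned_to") == user]


def format_offense(offense):
    """Render one offense as 'id:N [assignee] Label=source'; blank assignee for unassigned."""
    assignee = offense.get("assigned_to") or " "
    code = offense.get("offense_type")
    label = OFFENSE_TYPE_LABELS.get(code, "Type%s" % code)
    return "id:%d [%s] %s=%s" % (offense["id"], assignee, label, offense.get("offense_source"))


def fetch_offenses(console, token, user):
    """GET /api/siem/offenses from a live console, authenticating with the SEC
    header. API version header value is an assumption; adjust for your console.
    TLS verification is left on deliberately: do not disable it."""
    query = urllib.parse.urlencode({
        "filter": build_filter(user),
        "fields": "id,assigned_to,offense_type,offense_source",
    })
    req = urllib.request.Request(
        "https://%s/api/siem/offenses?%s" % (console, query),
        headers={"SEC": token, "Version": "6.0", "Accept": "application/json"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="List QRadar offenses assigned to a user")
    parser.add_argument("-u", "--user", required=True, help="user id, or UNASSIGNED")
    args = parser.parse_args()

    # Hypothetical environment variables; keep the token out of the script and shell history.
    console = os.environ.get("QRADAR_CONSOLE")
    token = os.environ.get("QRADAR_SEC_TOKEN")
    if console and token:
        offenses = fetch_offenses(console, token, args.user)
    else:
        offenses = select_offenses(SAMPLE_OFFENSES, args.user)

    for offense in offenses:
        print(format_offense(offense))
```

Run it as `assigned_to.py -u MYUSERID` or `-u UNASSIGNED`; with `QRADAR_CONSOLE` and `QRADAR_SEC_TOKEN` set it queries the console, otherwise it prints the sample data. The double-quote check in `build_filter` matters because the user name is spliced into a filter expression the server evaluates; anything that can shape that string should be validated.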



Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.
