Friday, January 15, 2016

QRadar SIEM API call for Offenses Assigned to User

If interested, I wrote a simple python script and saved it on github that queries the QRadar SIEM API for Offenses Assigned to a specific user. If you missed it, I just recently posted a 101 walk-through on how to get your api calls working. The script I wrote is just a variation of the default samples provided by IBM over at their github.

After you have the default sample api calls working, just download my pythong script for and put it in the same folder. The run it as follows.

# Offenses Assigned to Myself
> offenses/ -u MYUSERID

id:128 [MYUSERID] SrcIP=
id:127 [MYUSERID] SrcIP=
id:126 [MYUSERID] DstIP=
id:125 [MYUSERID] DstIP=
id:124 [MYUSERID] DstIP=

# Offenses Not assigned to anybody yet
> offenses/ -u UNASSIGNED

id:133 [ ] SrcIP=
id:132 [ ] User =USER22
id:131 [ ] SrcIP=

More about neonprimetime

Top Blogs of all-time
  1. pagerank botnet sql injection walk-thru
  2. php injection ali.txt walk-thru
  3. php injection exfil walk-thru

Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.

No comments:

Post a Comment