Friday, January 15, 2016

QRadar SIEM API 101 Walk-Through

I thought I'd share how I got the QRadar API working.

I downloaded the sample API Python modules (RestApiClient.py, SampleUtilities.py, etc.) from GitHub.



I downloaded the sample API script (01_GetOffenses.py) from GitHub.



I saved them all to the same folder.

I made sure I had python3 installed (not 2).



Then I had to download our console website PEM from the certificate like so and save it to the same folder.













Then I had to create an authorized service/token.









Then run the script via
   python 01_GetOffenses.py

It will prompt you to enter your authorization token (from the authorized service screen above) and your certificate location (copy the full path to the .crt file). Once you hit enter, you have the choice to save this token and certificate information to a plaintext file for future use. Then the API call runs and, boom, you have a list of all offenses!
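For readers who want to see what such a call involves, here is a standalone sketch using only the Python standard library. It is an added example, not code from this post or from IBM's sample modules. It sends the authorized service token in the `SEC` header, verifies TLS against the console PEM saved earlier, and writes the JSON response to a file only the current user can read. The environment variable names (`QRADAR_CONSOLE`, `QRADAR_TOKEN`, `QRADAR_CA_PEM`) and the output file name are assumptions, used so the token is not kept in a plaintext file.

```python
import json
import os
import ssl
import urllib.request


def build_request(console, token, item_range="0-49"):
    """Build a GET for the offenses endpoint; the token travels in the SEC header."""
    req = urllib.request.Request(f"https://{console}/api/siem/offenses")
    req.add_header("SEC", token)
    req.add_header("Accept", "application/json")
    req.add_header("Range", f"items={item_range}")  # page the result set
    return req


def tls_context(pem_path):
    """Trust only the CA/cert in pem_path; verification and hostname checks stay on."""
    return ssl.create_default_context(cafile=pem_path)


def fetch_offenses(console, token, pem_path):
    """Call the API and return the decoded JSON list of offenses."""
    req = build_request(console, token)
    ctx = tls_context(pem_path)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return json.loads(resp.read().decode("utf-8"))


def save_offenses(offenses, out_path):
    """Write the JSON response to a file created with mode 0600."""
    fd = os.open(out_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(offenses, fh, indent=2)
    return len(offenses)


if __name__ == "__main__":
    # Assumed variable names; set them in the shell before running.
    data = fetch_offenses(
        os.environ["QRADAR_CONSOLE"],
        os.environ["QRADAR_TOKEN"],
        os.environ["QRADAR_CA_PEM"],
    )
    print(save_offenses(data, "offenses.json"), "offenses written")
```

If the certificate saved from the browser does not match the hostname used to reach the console, the request fails with a verification error rather than proceeding unverified.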





Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.

1 comment:

  1. Thanks for this post. Sir, I want to save the JSON response to a file. How can I do that? Where do I need to change the code?
    # Output the data
    SampleUtilities.pretty_print_response(response)
