04-28-2022 07:36 AM
Does anyone know with QRadar Integration: "qradar-assets-list"
The above asset (1278) has vulnerabilities and 2 products installed, but it only provides me with a vulnerability count and product IDs.
1. How do I query what those products are or what those vulnerabilities are?
2. I was exploring using the "https://www.ibm.com/docs/en/qradar-common?topic=endpoints-get-qvmassets"
but was also having trouble interpreting how to filter by assetId.
This didn't seem to work: filters%20contains%20assetId%20%3D%201278
04-28-2022 08:45 PM
Hi @jboyd98,
Can you try the `qradar-get-asset-by-id` command instead? This should list all the vulnerabilities.
Thanks, Jeremy.
04-29-2022 06:46 AM
Hi Jeremy,
Thanks for the suggestion, although it looks like it returns similar data to the assets-list:
I'm trying to get the Products installed; right now the "Products" row shows an Id number and I don't know the corresponding QRadar API to translate it.
And the vulnerability is just a count VS what vulnerabilities at risk...
Let me know your thoughts and if you know how to query the details -
Thanks again,
Boyd
05-02-2022 01:41 AM
Hi Boyd,
Integrations developed by XSOAR do NOT drop or modify data from an API call. I would suggest running the command with the `raw-response=true` parameter. This would show you all the data returned by the API call. If you find the missing information there, you can use the `extend-context=` parameter. For more information, refer to https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-6/cortex-xsoar-admin/playbooks/extend-contex...
If the information is still missing, it is a limitation of the QRadar API. I would suggest raising a support case with them.
Thanks,
Jeremy.
05-02-2022 09:10 AM
Thanks Jeremy,
You're correct. This is more a QRadar API question, but I don't currently have access to post the question on the IBM forum. I was just wondering if anyone had tried to get this data into XSOAR from QRadar previously.
Thanks,
Boyd