QRadar API get assets query

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

QRadar API get assets query

L2 Linker

Does anyone know with QRadar Integration: "qradar-assets-list"


This retrieves information such as 
jboyd98_1-1651156469974.png

 



The above asset (1278) has vulnerabilities and 2 products installed, but it only provides me with a vulnerability count and product IDs.

1.  How do I query what those products are or what those vulnerabilities are?
2.  I was exploring using the "https://www.ibm.com/docs/en/qradar-common?topic=endpoints-get-qvmassets"
but was also having trouble interpreting how to filter by assetId.
This didn't seem to work:  filters%20contains%20assetId%20%3D%201278



4 REPLIES 4

L4 Transporter

Hi @jboyd98,

 

Can you try the `qradar-get-asset-by-id` command instead. This should list all the vulnerabilities. 

 

Thanks, Jeremy.

Hi Jeremy,

 

Thanks for the suggestion, although it looks like it returns similar data to the assets-list:

 

jboyd98_0-1651239600548.png

 

I'm trying to get the Products installed; which right now the "Products" row shows an Id number and I don't know the corresponding qradar api to translate.

And the vulnerability is just a count VS what vulnerabilities at risk...

Let me know your thoughts and if you know how to query the details -

Thanks again,

Boyd

L4 Transporter

Hi Byod,

 

Integrations developed by XSOAR do NOT drop or modify data from an API call. I would suggest running the command with the `raw-response=true` parameter. This would show you all the data returned by the API call. If you find the missing information there you can use the `extend-context=` parameter. For more information refer -https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-6/cortex-xsoar-admin/playbooks/extend-contex...

 

If the information is still missing, it is a limitation the QRadar API. I would suggest raising a support case with them.

 

Thanks,

 

Jeremy.

Thanks Jeremy, 

You're correct.  This is more a QRadar API question, but I don't have current access to post the question on IBM forum.  Just was wondering if anyone had tried to get this data into XSOAR from QRadar previously.

 

Thanks,

Boyd

  • 2055 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!