Does anyone know with QRadar Integration: "qradar-assets-list"
The above asset (1278) has vulnerabilities and 2 products installed, but it only provides me with a vulnerability count and product IDs.
1. How do I query what those products are or what those vulnerabilities are?
2. I was exploring using the "https://www.ibm.com/docs/en/qradar-common?topic=endpoints-get-qvmassets"
but was also having trouble interpreting how to filter by assetId.
This didn't seem to work: filters%20contains%20assetId%20%3D%201278
Thanks for the suggestion, although it looks like it returns similar data to the assets-list:
I'm trying to get the Products installed; which right now the "Products" row shows an Id number and I don't know the corresponding qradar api to translate.
And the vulnerability is just a count VS what vulnerabilities at risk...
Let me know your thoughts and if you know how to query the details -
Integrations developed by XSOAR do NOT drop or modify data from an API call. I would suggest running the command with the `raw-response=true` parameter. This would show you all the data returned by the API call. If you find the missing information there you can use the `extend-context=` parameter. For more information refer -https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-6/cortex-xsoar-admin/playbooks/extend-contex...
If the information is still missing, it is a limitation the QRadar API. I would suggest raising a support case with them.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!