QRadarAPI Client written in Python
Project description
QRadar API Client written in Python
This is a wrapper around the REST-API of QRadar. This includes some undocumented endpoints, that may not work as expected.
All the information for the various endpoints were pulled from version 13.1
.
If you find any bugs please open an issue or a pull request.
A word of warning
qradar4py is work in progress and should be treated as a software in beta, especially regarding the "undocumented" API endpoints.
Installation
sudo pip3 install qradar4py
# OR
cd qradar4py && sudo python3 setup.py install
Usage
Just a very basic sample on how to get the IDs of up to 10 offenses that are not closed.
from qradar4py.api import QRadarApi
# Initalize the API with the URL, your API token and whether the certificate should be checked.
api = QRadarApi("<URL>", "<API_TOKEN>", version='13.1', verify=True)
# Get all offenses
status_code, response = api.siem.get_offenses(filter='status != CLOSED',
Range='items=0-50',
fields='id')
print(status_code, response)
# 200 [{'id': 1}, {'id': 2}, {'id': 3}, {'id': 4}, {'id': 5}]
Mapping
Check the "Interactive API" on QRadar to see what endpoints are available in your version.
Check the documentation to get a mapping from endpoint to method.
Disclaimer
I am in no way affiliated with IBM.
QRadar is a registered trademark by IBM.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.