How to use filter description field for IBM Qradar offense via REST api

Question

I'm new to QRadar and having problem of filter QRadar description field in Qradar REST api /siem/offense.

Can anyone suggest me how to filter offense description filed? for example I want to display any offense description start with the word Rule so only the first objective will display.

Data example

 {
"description": "Rule_name 1",
"rules": [
  {
    "id": 104206,
    "type": "CRE_RULE"
  }
]

}, { "description": "exampel rule 1\n", "rules": [ { "id": 104206, "type": "CRE_RULE" } ] },

score 0 · Answer 1 · answered Nov 18 '20 at 13:06

0

If you look at the field explanation. The offense description field is neither filterable nor sortable. You can try by fetching all the offenses and then filtering required offenses using some script.

answered Nov 18 '20 at 13:06

Pranav101py

83
5

How to use filter description field for IBM Qradar offense via REST api

1 Answers1