IBM Security QRadar Version 7.3.1 API Guide IBM

  • IBM Security QRadar Version 7.3.1

    API Guide

    IBM

  • Note: Before you use this information and the product that it supports, read the information in “Notices” on page 2273.

    Product information

    This document applies to IBM QRadar Security Intelligence Platform V7.3.1 and subsequent releases unless superseded by an updated version of this document.

    © Copyright IBM Corporation 2014, 2017. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

  • Contents

    1 What's new for developers in RESTful APIs in QRadar V7.3.1
      Deprecated endpoints in more detail

    2 RESTful API overview
      Filter syntax
      Sort syntax
      Paging syntax
      API error messages
      Cross-origin resource sharing

    3 API command-line client DEPRECATED

    4 API sample code

    5 Accessing the interactive API documentation page

    6 REST API V9.1 References
      Analytics endpoints
        GET /analytics/ade_rules
        GET /analytics/ade_rules/{id}
        POST /analytics/ade_rules/{id}
        DELETE /analytics/ade_rules/{id}
        GET /analytics/ade_rules/{id}/dependents
        GET /analytics/ade_rules/ade_rule_delete_tasks/{task_id}
        GET /analytics/ade_rules/ade_rule_dependent_tasks/{task_id}
        POST /analytics/ade_rules/ade_rule_dependent_tasks/{task_id}
        GET /analytics/ade_rules/ade_rule_dependent_tasks/{task_id}/results
        GET /analytics/building_blocks
        GET /analytics/building_blocks/building_block_delete_tasks/{task_id}
        GET /analytics/building_blocks/building_block_dependent_tasks/{task_id}
        POST /analytics/building_blocks/building_block_dependent_tasks/{task_id}
        GET /analytics/building_blocks/building_block_dependent_tasks/{task_id}/results
        GET /analytics/building_blocks/{id}
        POST /analytics/building_blocks/{id}
        DELETE /analytics/building_blocks/{id}
        GET /analytics/building_blocks/{id}/dependents
        GET /analytics/custom_actions/actions
        POST /analytics/custom_actions/actions
        GET /analytics/custom_actions/actions/{action_id}
        POST /analytics/custom_actions/actions/{action_id}
        DELETE /analytics/custom_actions/actions/{action_id}
        GET /analytics/custom_actions/interpreters
        GET /analytics/custom_actions/interpreters/{interpreter_id}
        GET /analytics/custom_actions/scripts
        POST /analytics/custom_actions/scripts
        GET /analytics/custom_actions/scripts/{script_id}
        POST /analytics/custom_actions/scripts/{script_id}
        DELETE /analytics/custom_actions/scripts/{script_id}
        GET /analytics/rule_groups
        GET /analytics/rule_groups/{group_id}
        POST /analytics/rule_groups/{group_id}
        DELETE /analytics/rule_groups/{group_id}
        GET /analytics/rules
        GET /analytics/rules/rule_delete_tasks/{task_id}

        GET /analytics/rules/rule_dependent_tasks/{task_id}
        POST /analytics/rules/rule_dependent_tasks/{task_id}
        GET /analytics/rules/rule_dependent_tasks/{task_id}/results
        GET /analytics/rules/{id}
        POST /analytics/rules/{id}
        DELETE /analytics/rules/{id}
        GET /analytics/rules/{id}/dependents

      Ariel endpoints
        GET /ariel/databases
        GET /ariel/databases/{database_name}
        GET /ariel/event_saved_search_groups
        GET /ariel/event_saved_search_groups/{group_id}
        POST /ariel/event_saved_search_groups/{group_id}
        DELETE /ariel/event_saved_search_groups/{group_id}
        GET /ariel/flow_saved_search_groups
        GET /ariel/flow_saved_search_groups/{group_id}
        POST /ariel/flow_saved_search_groups/{group_id}
        DELETE /ariel/flow_saved_search_groups/{group_id}
        GET /ariel/parser_keywords
        POST /ariel/processors/aql_metadata
        GET /ariel/saved_search_delete_tasks/{task_id}
        GET /ariel/saved_search_dependent_tasks/{task_id}
        POST /ariel/saved_search_dependent_tasks/{task_id}
        GET /ariel/saved_search_dependent_tasks/{task_id}/results
        GET /ariel/saved_searches
        GET /ariel/saved_searches/{id}
        POST /ariel/saved_searches/{id}
        DELETE /ariel/saved_searches/{id}
        GET /ariel/saved_searches/{id}/dependents
        GET /ariel/searches
        POST /ariel/searches
        DELETE /ariel/searches/{search_id}
        GET /ariel/searches/{search_id}
        GET /ariel/searches/{search_id}/metadata
        POST /ariel/searches/{search_id}
        GET /ariel/searches/{search_id}/results
        POST /ariel/validators/aql

      Asset model endpoints
        GET /asset_model/assets
        POST /asset_model/assets/{asset_id}
        GET /asset_model/properties
        GET /asset_model/saved_search_groups
        GET /asset_model/saved_search_groups/{group_id}
        POST /asset_model/saved_search_groups/{group_id}
        DELETE /asset_model/saved_search_groups/{group_id}
        GET /asset_model/saved_searches
        GET /asset_model/saved_searches/{saved_search_id}
        POST /asset_model/saved_searches/{saved_search_id}
        DELETE /asset_model/saved_searches/{saved_search_id}
        GET /asset_model/saved_searches/{saved_search_id}/results

      Authentication endpoints
        POST /auth/logout

      Configuration endpoints
        GET /config/access/tenant_management/tenants
        POST /config/access/tenant_management/tenants
        GET /config/access/tenant_management/tenants/{tenant_id}
        POST /config/access/tenant_management/tenants/{tenant_id}
        DELETE /config/access/tenant_management/tenants/{tenant_id}
        GET /config/access/user_dependent_tasks/{task_id}
        POST /config/access/user_dependent_tasks/{task_id}
        GET /config/access/user_dependent_tasks/{task_id}/results

        GET /config/access/users
        GET /config/access/users/{id}/dependents
        GET /config/access/users/{id}
        GET /config/deployment/hosts
        GET /config/deployment/hosts/{id}
        POST /config/deployment/hosts/{id}
        GET /config/deployment/license_pool
        GET /config/domain_management/domains
        POST /config/domain_management/domains
        GET /config/domain_management/domains/{domain_id}
        POST /config/domain_management/domains/{domain_id}
        DELETE /config/domain_management/domains/{domain_id}
        GET /config/event_retention_buckets
        GET /config/event_retention_buckets/{id}
        POST /config/event_retention_buckets/{id}
        DELETE /config/event_retention_buckets/{id}
        DELETE /config/event_sources/custom_properties/calculated_properties/{calculated_property_id}
        GET /config/event_sources/custom_properties/calculated_properties/{calculated_property_id}/dependents
        GET /config/event_sources/custom_properties/calculated_properties/{calculated_property_id}
        POST /config/event_sources/custom_properties/calculated_properties/{calculated_property_id}
        GET /config/event_sources/custom_properties/calculated_properties
        POST /config/event_sources/custom_properties/calculated_properties
        GET /config/event_sources/custom_properties/calculated_property_delete_tasks/{task_id}
        GET /config/event_sources/custom_properties/calculated_property_dependent_tasks/{task_id}
        POST /config/event_sources/custom_properties/calculated_property_dependent_tasks/{task_id}
        GET /config/event_sources/custom_properties/calculated_property_dependent_tasks/{task_id}/results
        GET /config/event_sources/custom_properties/calculated_property_operands
        GET /config/event_sources/custom_properties/property_expressions
        POST /config/event_sources/custom_properties/property_expressions
        GET /config/event_sources/custom_properties/property_expressions/{expression_id}
        POST /config/event_sources/custom_properties/property_expressions/{expression_id}
        DELETE /config/event_sources/custom_properties/property_expressions/{expression_id}
        DELETE /config/event_sources/custom_properties/property_json_expressions/{expression_id}
        GET /config/event_sources/custom_properties/property_json_expressions/{expression_id}
        POST /config/event_sources/custom_properties/property_json_expressions/{expression_id}
        GET /config/event_sources/custom_properties/property_json_expressions
        POST /config/event_sources/custom_properties/property_json_expressions
        GET /config/event_sources/custom_properties/regex_properties
        POST /config/event_sources/custom_properties/regex_properties
        GET /config/event_sources/custom_properties/regex_properties/{regex_property_id}
        POST /config/event_sources/custom_properties/regex_properties/{regex_property_id}
        DELETE /config/event_sources/custom_properties/regex_properties/{regex_property_id}
        GET /config/event_sources/custom_properties/regex_properties/{regex_property_id}/dependents
        GET /config/event_sources/custom_properties/regex_property_delete_tasks/{task_id}
        GET /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id}
        POST /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id}
        GET /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id}/results
        GET /config/event_sources/event_collectors
        GET /config/event_sources/event_collectors/{id}
        GET /config/event_sources/log_source_management/autodetection/config_records/{config_id}
        POST /config/event_sources/log_source_management/autodetection/config_records/{config_id}
        GET /config/event_sources/log_source_management/autodetection/config_records
        GET /config/event_sources/log_source_management/log_source_bulk_tasks/{id}
        POST /config/event_sources/log_source_management/log_source_bulk_tasks/{id}
        GET /config/event_sources/log_source_management/log_source_extensions
        GET /config/event_sources/log_source_management/log_source_extensions/{id}
        GET /config/event_sources/log_source_management/log_source_groups
        GET /config/event_sources/log_source_management/log_source_groups/{id}
        GET /config/event_sources/log_source_management/log_source_languages
        GET /config/event_sources/log_source_management/log_source_languages/{id}
        POST /config/event_sources/log_source_management/log_source_statistics

        GET /config/event_sources/log_source_management/log_source_types
        DELETE /config/event_sources/log_source_management/log_source_types/{id}
        GET /config/event_sources/log_source_management/log_source_types/{id}
        POST /config/event_sources/log_source_management/log_source_types/{id}
        POST /config/event_sources/log_source_management/log_source_types
        GET /config/event_sources/log_source_management/log_sources
        DELETE /config/event_sources/log_source_management/log_sources/{id}
        GET /config/event_sources/log_source_management/log_sources/{id}
        POST /config/event_sources/log_source_management/log_sources/{id}
        PATCH /config/event_sources/log_source_management/log_sources
        POST /config/event_sources/log_source_management/log_sources
        GET /config/event_sources/log_source_management/protocol_types
        GET /config/event_sources/log_source_management/protocol_types/{id}
        GET /config/event_sources/property_discovery_profiles
        DELETE /config/event_sources/property_discovery_profiles/{id}
        GET /config/event_sources/property_discovery_profiles/{id}
        POST /config/event_sources/property_discovery_profiles/{id}
        POST /config/event_sources/property_discovery_profiles
        GET /config/event_sources/wincollect/wincollect_agents
        GET /config/event_sources/wincollect/wincollect_agents/{id}
        GET /config/event_sources/wincollect/wincollect_destinations
        GET /config/event_sources/wincollect/wincollect_destinations/{id}
        GET /config/extension_management/extensions
        POST /config/extension_management/extensions
        GET /config/extension_management/extensions/{extension_id}
        POST /config/extension_management/extensions/{extension_id}/metadata
        POST /config/extension_management/extensions/{extension_id}
        DELETE /config/extension_management/extensions/{extension_id}
        GET /config/extension_management/extensions_task_status/{status_id}
        GET /config/extension_management/extensions_task_status/{status_id}/results
        GET /config/flow_retention_buckets
        DELETE /config/flow_retention_buckets/{id}
        GET /config/flow_retention_buckets/{id}
        POST /config/flow_retention_buckets/{id}
        DELETE /config/flow_sources/custom_properties/calculated_properties/{calculated_property_id}
        GET /config/flow_sources/custom_properties/calculated_properties/{calculated_property_id}/dependents
        GET /config/flow_sources/custom_properties/calculated_properties/{calculated_property_id}
        POST /config/flow_sources/custom_properties/calculated_properties/{calculated_property_id}
        GET /config/flow_sources/custom_properties/calculated_properties
        POST /config/flow_sources/custom_properties/calculated_properties
        GET /config/flow_sources/custom_properties/calculated_property_delete_tasks/{task_id}
        GET /config/flow_sources/custom_properties/calculated_property_dependent_tasks/{task_id}
        POST /config/flow_sources/custom_properties/calculated_property_dependent_tasks/{task_id}
        GET /config/flow_sources/custom_properties/calculated_property_dependent_tasks/{task_id}/results
        GET /config/flow_sources/custom_properties/calculated_property_operands
        DELETE /config/flow_sources/custom_properties/property_expressions/{expression_id}
        GET /config/flow_sources/custom_properties/property_expressions/{expression_id}
        POST /config/flow_sources/custom_properties/property_expressions/{expression_id}
        GET /config/flow_sources/custom_properties/property_expressions
        POST /config/flow_sources/custom_properties/property_expressions
        GET /config/flow_sources/custom_properties/regex_properties
        POST /config/flow_sources/custom_properties/regex_properties
        GET /config/flow_sources/custom_properties/regex_properties/{regex_property_id}
        POST /config/flow_sources/custom_properties/regex_properties/{regex_property_id}
        DELETE /config/flow_sources/custom_properties/regex_properties/{regex_property_id}
        GET /config/flow_sources/custom_properties/regex_properties/{regex_property_id}/dependents
        GET /config/flow_sources/custom_properties/regex_property_delete_tasks/{task_id}
        GET /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id}
        POST /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id}
        GET /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id}/results
        GET /config/global_system_notifications

        GET /config/global_system_notifications/{notification_id}
        GET /config/network_hierarchy/networks
        GET /config/network_hierarchy/staged_networks
        PUT /config/network_hierarchy/staged_networks
        GET /config/remote_networks
        GET /config/remote_networks/{network_id}
        GET /config/remote_services
        GET /config/remote_services/{service_id}
        GET /config/resource_restrictions
        POST /config/resource_restrictions
        GET /config/resource_restrictions/{resource_restriction_id}
        DELETE /config/resource_restrictions/{resource_restriction_id}
        PUT /config/resource_restrictions/{resource_restriction_id}
        GET /config/store_and_forward/policies
        GET /config/store_and_forward/policies/{id}
        POST /config/store_and_forward/policies/{id}
        DELETE /config/store_and_forward/policies/{id}

      Data classification endpoints
        GET /data_classification/dsm_event_mappings
        POST /data_classification/dsm_event_mappings
        GET /data_classification/dsm_event_mappings/{dsm_event_mapping_id}
        POST /data_classification/dsm_event_mappings/{dsm_event_mapping_id}
        GET /data_classification/high_level_categories
        GET /data_classification/high_level_categories/{high_level_category_id}
        GET /data_classification/low_level_categories
        GET /data_classification/low_level_categories/{low_level_category_id}
        GET /data_classification/qid_records
        POST /data_classification/qid_records
        GET /data_classification/qid_records/{qid_record_id}
        POST /data_classification/qid_records/{qid_record_id}

      Forensics endpoints
        GET /forensics/capture/recoveries
        POST /forensics/capture/recoveries
        GET /forensics/capture/recoveries/{id}
        GET /forensics/capture/recovery_tasks
        GET /forensics/capture/recovery_tasks/{id}
        GET /forensics/case_management/case_create_tasks/{id}
        GET /forensics/case_management/cases
        POST /forensics/case_management/cases
        GET /forensics/case_management/cases/{id}

      GUI application framework endpoints
        GET /gui_app_framework/application_creation_task
        POST /gui_app_framework/application_creation_task
        GET /gui_app_framework/application_creation_task/{application_id}/auth
        POST /gui_app_framework/application_creation_task/{application_id}/auth
        GET /gui_app_framework/application_creation_task/{application_id}
        POST /gui_app_framework/application_creation_task/{application_id}
        GET /gui_app_framework/applications
        GET /gui_app_framework/applications/{application_id}
        POST /gui_app_framework/applications/{application_id}
        PUT /gui_app_framework/applications/{application_id}
        DELETE /gui_app_framework/applications/{application_id}
        GET /gui_app_framework/named_services
        GET /gui_app_framework/named_services/{uuid}

      Health data endpoints
        GET /health_data/security_data_count
        GET /health_data/top_offenses
        GET /health_data/top_rules

      Help endpoints
        GET /help/endpoints
        GET /help/endpoints/{endpoint_id}

  • GET /help/resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426GET /help/resources/{resource_id} . . . . . . . . . . . . . . . . . . . . . . . . . . 427GET /help/versions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428GET /help/versions/{version_id} . . . . . . . . . . . . . . . . . . . . . . . . . . 429

    IBM QRadar Network Insights endpoints . . . . . . . . . . . . . . . . . . . . . . . . . 430GET /qni/hosts/{host_id}/configs . . . . . . . . . . . . . . . . . . . . . . . . . . 431POST /qni/hosts/{host_id}/configs/{id} . . . . . . . . . . . . . . . . . . . . . . . . 432GET /qni/stacking/stacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434POST /qni/stacking/stacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435DELETE /qni/stacking/stacks/{stack_id} . . . . . . . . . . . . . . . . . . . . . . . . 436GET /qni/stacking/stacks/{stack_id} . . . . . . . . . . . . . . . . . . . . . . . . . 437POST /qni/stacking/stacks/{stack_id} . . . . . . . . . . . . . . . . . . . . . . . . . 438GET /qni/stacking/standalone_hosts . . . . . . . . . . . . . . . . . . . . . . . . . 439

    IBM Security QRadar Risk Manager endpoints . . . . . . . . . . . . . . . . . . . . . . . 440GET /qrm/model_groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440GET /qrm/model_groups/{group_id} . . . . . . . . . . . . . . . . . . . . . . . . . 442POST /qrm/model_groups/{group_id}. . . . . . . . . . . . . . . . . . . . . . . . . 443DELETE /qrm/model_groups/{group_id} . . . . . . . . . . . . . . . . . . . . . . . . 445GET /qrm/qrm_saved_search_groups . . . . . . . . . . . . . . . . . . . . . . . . . 445GET /qrm/qrm_saved_search_groups/{group_id} . . . . . . . . . . . . . . . . . . . . . 447POST /qrm/qrm_saved_search_groups/{group_id} . . . . . . . . . . . . . . . . . . . . 448DELETE /qrm/qrm_saved_search_groups/{group_id}. . . . . . . . . . . . . . . . . . . . 450GET /qrm/question_groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451GET /qrm/question_groups/{group_id} . . . . . . . . . . . . . . . . . . . . . . . . 452POST /qrm/question_groups/{group_id} . . . . . . . . . . . . . . . . . . . . . . . . 453DELETE /qrm/question_groups/{group_id} . . . . . . . . . . . . . . . . . . . . . . . 455GET /qrm/simulation_groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . 456GET /qrm/simulation_groups/{group_id}. . . . . . . . . . . . . . . . . . . . . . . . 457POST /qrm/simulation_groups/{group_id} . . . . . . . . . . . . . . . . . . . . . . . 458DELETE /qrm/simulation_groups/{group_id} . . . . . . . . . . . . . . . . . . . . . . 460GET /qrm/topology_saved_search_groups . . . . . . . . . . . . . . . . . . . . . . . 461GET /qrm/topology_saved_search_groups/{group_id} . . . . . . . . . . . . . . . . . . . 462POST /qrm/topology_saved_search_groups/{group_id} . . . . . . . . . . . . . . . . . . . 464DELETE /qrm/topology_saved_search_groups/{group_id} . . . . . . . . . . . . . . . . . . 465

    QRadar Vulnerability Manager endpoints . . . . . . . . . . . . . . . . . . . . . . . . . 466GET /qvm/assets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466GET /qvm/filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467GET /qvm/network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467GET /qvm/openservices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468GET /qvm/saved_search_groups. . . . . . . . . . . . . . . . . . . . . . . . . . . 469GET /qvm/saved_search_groups/{group_id}. . . . . . . . . . . . . . . . . . . . . . . 470POST /qvm/saved_search_groups/{group_id} . . . . . . . . . . . . . . . . . . . . . . 472DELETE /qvm/saved_search_groups/{group_id} . . . . . . . . . . . . . . . . . . . . . 473GET /qvm/saved_searches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474GET /qvm/saved_searches/vuln_instances/{task_id}/results/assets . . . . . . . . . . . . . . . 475GET /qvm/saved_searches/vuln_instances/{task_id}/results/vuln_instances . . . . . . . . . . . . 477GET /qvm/saved_searches/vuln_instances/{task_id}/results/vulnerabilities . . . . . . . . . . . . 478GET /qvm/saved_searches/vuln_instances/{task_id}/status . . . . . . . . . . . . . . . . . 479POST /qvm/saved_searches/vuln_instances/{task_id}/status . . . . . . . . . . . . . . . . . 480GET /qvm/saved_searches/{saved_search_id} . . . . . . . . . . . . . . . . . . . . . . 481POST /qvm/saved_searches/{saved_search_id} . . . . . . . . . . . . . . . . . . . . . . 482DELETE /qvm/saved_searches/{saved_search_id} . . . . . . . . . . . . . . . . . . . . . 483GET /qvm/saved_searches/{saved_search_id}/vuln_instances . . . . . . . . . . . . . . . . . 484POST /qvm/tickets/assign. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485GET /qvm/vulns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486

    Reference data endpoints
        GET /reference_data/map_delete_tasks/{task_id}
        GET /reference_data/map_dependent_tasks/{task_id}
        POST /reference_data/map_dependent_tasks/{task_id}
        GET /reference_data/map_dependent_tasks/{task_id}/results
        GET /reference_data/map_of_sets
        POST /reference_data/map_of_sets
        POST /reference_data/map_of_sets/bulk_load/{name}
        GET /reference_data/map_of_sets/{name}
        POST /reference_data/map_of_sets/{name}
        DELETE /reference_data/map_of_sets/{name}
        GET /reference_data/map_of_sets/{name}/dependents
        DELETE /reference_data/map_of_sets/{name}/{key}
        GET /reference_data/map_of_sets_delete_tasks/{task_id}
        GET /reference_data/map_of_sets_dependent_tasks/{task_id}
        POST /reference_data/map_of_sets_dependent_tasks/{task_id}
        GET /reference_data/map_of_sets_dependent_tasks/{task_id}/results
        GET /reference_data/maps
        POST /reference_data/maps
        POST /reference_data/maps/bulk_load/{name}
        GET /reference_data/maps/{name}
        POST /reference_data/maps/{name}
        DELETE /reference_data/maps/{name}
        GET /reference_data/maps/{name}/dependents
        DELETE /reference_data/maps/{name}/{key}
        GET /reference_data/set_delete_tasks/{task_id}
        GET /reference_data/set_dependent_tasks/{task_id}
        POST /reference_data/set_dependent_tasks/{task_id}
        GET /reference_data/set_dependent_tasks/{task_id}/results
        GET /reference_data/sets
        POST /reference_data/sets
        POST /reference_data/sets/bulk_load/{name}
        GET /reference_data/sets/{name}
        POST /reference_data/sets/{name}
        DELETE /reference_data/sets/{name}
        DELETE /reference_data/sets/{name}/{value}
        GET /reference_data/sets/{name}/dependents
        GET /reference_data/tables_delete_tasks/{task_id}
        GET /reference_data/tables_dependent_tasks/{task_id}
        POST /reference_data/tables_dependent_tasks/{task_id}
        GET /reference_data/tables_dependent_tasks/{task_id}/results
        POST /reference_data/tables/bulk_load/{name}
        GET /reference_data/tables
        GET /reference_data/tables/{name}
        POST /reference_data/tables/{name}
        DELETE /reference_data/tables/{name}
        GET /reference_data/tables/{name}/dependents
        DELETE /reference_data/tables/{name}/{outer_key}/{inner_key}
        POST /reference_data/tables

    Scanner endpoints
        GET /scanner/profiles
        POST /scanner/profiles/create
        POST /scanner/profiles/start
        GET /scanner/scanprofiles
        POST /scanner/scanprofiles
        GET /scanner/scanprofiles/{profileid}
        POST /scanner/scanprofiles/{profileid}
        DELETE /scanner/scanprofiles/{profileid}
        GET /scanner/scanprofiles/{profileid}/runs
        GET /scanner/scanprofiles/{profileid}/runs/{run_id}
        GET /scanner/scanprofiles/{profileid}/runs/{run_id}/results
        POST /scanner/scanprofiles/{profileid}/start

    Services endpoints
        POST /services/dig_lookups
        GET /services/dig_lookups/{dig_lookup_id}
        POST /services/dns_lookups
        GET /services/dns_lookups/{dns_lookup_id}
        GET /services/geolocations
        POST /services/port_scans
        GET /services/port_scans/{port_scan_id}
        POST /services/whois_lookups
        GET /services/whois_lookups/{whois_lookup_id}

    SIEM endpoints
        GET /siem/local_destination_addresses
        GET /siem/local_destination_addresses/{local_destination_address_id}
        GET /siem/offense_closing_reasons
        POST /siem/offense_closing_reasons
        GET /siem/offense_closing_reasons/{closing_reason_id}
        GET /siem/offense_saved_search_delete_tasks/{task_id}
        GET /siem/offense_saved_search_dependent_tasks/{task_id}
        POST /siem/offense_saved_search_dependent_tasks/{task_id}
        GET /siem/offense_saved_search_dependent_tasks/{task_id}/results
        GET /siem/offense_saved_search_groups
        GET /siem/offense_saved_search_groups/{group_id}
        POST /siem/offense_saved_search_groups/{group_id}
        DELETE /siem/offense_saved_search_groups/{group_id}
        GET /siem/offense_saved_searches
        GET /siem/offense_saved_searches/{id}
        POST /siem/offense_saved_searches/{id}
        DELETE /siem/offense_saved_searches/{id}
        GET /siem/offense_saved_searches/{id}/dependents
        GET /siem/offenses
        GET /siem/offenses/{offense_id}
        GET /siem/offenses/{offense_id}/notes
        GET /siem/offenses/{offense_id}/notes/{note_id}
        POST /siem/offenses/{offense_id}/notes
        POST /siem/offenses/{offense_id}
        GET /siem/offense_types
        GET /siem/offense_types/{offense_type_id}
        GET /siem/source_addresses
        GET /siem/source_addresses/{source_address_id}

    Staged configuration endpoints
        GET /staged_config/access/user_delete_tasks/{task_id}
        GET /staged_config/access/users
        DELETE /staged_config/access/users/{id}
        GET /staged_config/access/users/{id}
        GET /staged_config/deploy_status
        POST /staged_config/deploy_status
        GET /staged_config/deployment/hosts
        GET /staged_config/deployment/hosts/{id}
        GET /staged_config/global_system_notifications
        GET /staged_config/global_system_notifications/{notification_id}
        POST /staged_config/global_system_notifications/{notification_id}
        GET /staged_config/remote_networks
        POST /staged_config/remote_networks
        GET /staged_config/remote_networks/{network_id}
        POST /staged_config/remote_networks/{network_id}
        DELETE /staged_config/remote_networks/{network_id}
        GET /staged_config/remote_services
        POST /staged_config/remote_services
        GET /staged_config/remote_services/{service_id}
        POST /staged_config/remote_services/{service_id}
        DELETE /staged_config/remote_services/{service_id}
        DELETE /staged_config/yara_rules
        PUT /staged_config/yara_rules

    System endpoints
        GET /system/authorization/password_policies
        GET /system/authorization/password_policies/{id}
        POST /system/authorization/password_policies/{id}
        POST /system/authorization/password_validators
        GET /system/information/encodings
        GET /system/information/locales
        GET /system/servers
        GET /system/servers/{server_id}
        POST /system/servers/{server_id}
        GET /system/servers/{server_id}/firewall_rules
        PUT /system/servers/{server_id}/firewall_rules
        GET /system/servers/{server_id}/network_interfaces/bonded
        POST /system/servers/{server_id}/network_interfaces/bonded
        POST /system/servers/{server_id}/network_interfaces/bonded/{device_name}
        DELETE /system/servers/{server_id}/network_interfaces/bonded/{device_name}
        GET /system/servers/{server_id}/network_interfaces/ethernet
        POST /system/servers/{server_id}/network_interfaces/ethernet/{device_name}
        GET /system/servers/{server_id}/system_time_settings
        POST /system/servers/{server_id}/system_time_settings
        GET /system/servers/{server_id}/timezones

    7 Previous REST API versions
      REST API V9.0 References

        Analytics endpoints
            GET /analytics/ade_rules
            GET /analytics/ade_rules/{id}
            POST /analytics/ade_rules/{id}
            DELETE /analytics/ade_rules/{id}
            GET /analytics/ade_rules/{id}/dependents
            GET /analytics/ade_rules/ade_rule_delete_tasks/{task_id}
            GET /analytics/ade_rules/ade_rule_dependent_tasks/{task_id}
            POST /analytics/ade_rules/ade_rule_dependent_tasks/{task_id}
            GET /analytics/ade_rules/ade_rule_dependent_tasks/{task_id}/results
            GET /analytics/building_blocks
            GET /analytics/building_blocks/building_block_delete_tasks/{task_id}
            GET /analytics/building_blocks/building_block_dependent_tasks/{task_id}
            POST /analytics/building_blocks/building_block_dependent_tasks/{task_id}
            GET /analytics/building_blocks/building_block_dependent_tasks/{task_id}/results
            GET /analytics/building_blocks/{id}
            POST /analytics/building_blocks/{id}
            DELETE /analytics/building_blocks/{id}
            GET /analytics/building_blocks/{id}/dependents
            GET /analytics/custom_actions/actions
            POST /analytics/custom_actions/actions
            GET /analytics/custom_actions/actions/{action_id}
            POST /analytics/custom_actions/actions/{action_id}
            DELETE /analytics/custom_actions/actions/{action_id}
            GET /analytics/custom_actions/interpreters
            GET /analytics/custom_actions/interpreters/{interpreter_id}
            GET /analytics/custom_actions/scripts
            POST /analytics/custom_actions/scripts
            GET /analytics/custom_actions/scripts/{script_id}
            POST /analytics/custom_actions/scripts/{script_id}
            DELETE /analytics/custom_actions/scripts/{script_id}
            GET /analytics/rule_groups
            GET /analytics/rule_groups/{group_id}
            POST /analytics/rule_groups/{group_id}
            DELETE /analytics/rule_groups/{group_id}
            GET /analytics/rules
            GET /analytics/rules/rule_delete_tasks/{task_id}
            GET /analytics/rules/rule_dependent_tasks/{task_id}
            POST /analytics/rules/rule_dependent_tasks/{task_id}
            GET /analytics/rules/rule_dependent_tasks/{task_id}/results
            GET /analytics/rules/{id}
            POST /analytics/rules/{id}
            DELETE /analytics/rules/{id}
            GET /analytics/rules/{id}/dependents

        Ariel endpoints
            GET /ariel/databases
            GET /ariel/databases/{database_name}
            GET /ariel/event_saved_search_groups
            GET /ariel/event_saved_search_groups/{group_id}
            POST /ariel/event_saved_search_groups/{group_id}
            DELETE /ariel/event_saved_search_groups/{group_id}
            GET /ariel/flow_saved_search_groups
            GET /ariel/flow_saved_search_groups/{group_id}
            POST /ariel/flow_saved_search_groups/{group_id}
            DELETE /ariel/flow_saved_search_groups/{group_id}
            GET /ariel/parser_keywords
            POST /ariel/processors/aql_metadata
            GET /ariel/saved_search_delete_tasks/{task_id}
            GET /ariel/saved_search_dependent_tasks/{task_id}
            POST /ariel/saved_search_dependent_tasks/{task_id}
            GET /ariel/saved_search_dependent_tasks/{task_id}/results
            GET /ariel/saved_searches
            GET /ariel/saved_searches/{id}
            POST /ariel/saved_searches/{id}
            DELETE /ariel/saved_searches/{id}
            GET /ariel/saved_searches/{id}/dependents
            GET /ariel/searches
            POST /ariel/searches
            DELETE /ariel/searches/{search_id}
            GET /ariel/searches/{search_id}
            GET /ariel/searches/{search_id}/metadata
            POST /ariel/searches/{search_id}
            GET /ariel/searches/{search_id}/results

        Asset model endpoints
            GET /asset_model/assets
            POST /asset_model/assets/{asset_id}
            GET /asset_model/properties
            GET /asset_model/saved_search_groups
            GET /asset_model/saved_search_groups/{group_id}
            POST /asset_model/saved_search_groups/{group_id}
            DELETE /asset_model/saved_search_groups/{group_id}
            GET /asset_model/saved_searches
            GET /asset_model/saved_searches/{saved_search_id}
            POST /asset_model/saved_searches/{saved_search_id}
            DELETE /asset_model/saved_searches/{saved_search_id}
            GET /asset_model/saved_searches/{saved_search_id}/results

        Authentication endpoints
            POST /auth/logout

    Configuration endpoints. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 805GET /config/access/tenant_management/tenants . . . . . . . . . . . . . . . . . . . . 805POST /config/access/tenant_management/tenants. . . . . . . . . . . . . . . . . . . . 806GET /config/access/tenant_management/tenants/{tenant_id} . . . . . . . . . . . . . . . . 807POST /config/access/tenant_management/tenants/{tenant_id} . . . . . . . . . . . . . . . 808DELETE /config/access/tenant_management/tenants/{tenant_id} . . . . . . . . . . . . . . 809GET /config/access/user_dependent_tasks/{task_id} . . . . . . . . . . . . . . . . . . . 809POST /config/access/user_dependent_tasks/{task_id} . . . . . . . . . . . . . . . . . . 811GET /config/access/user_dependent_tasks/{task_id}/results . . . . . . . . . . . . . . . . 814GET /config/access/users . . . . . . . . . . . . . . . . . . . . . . . . . . . . 815GET /config/access/users/{id}/dependents . . . . . . . . . . . . . . . . . . . . . . 816GET /config/access/users/{id} . . . . . . . . . . . . . . . . . . . . . . . . . . 818GET /config/deployment/hosts . . . . . . . . . . . . . . . . . . . . . . . . . . 818

    xii QRadar API Reference Guide

  • GET /config/deployment/hosts/{id} . . . . . . . . . . . . . . . . . . . . . . . . 821POST /config/deployment/hosts/{id} . . . . . . . . . . . . . . . . . . . . . . . . 823GET /config/deployment/license_pool. . . . . . . . . . . . . . . . . . . . . . . . 826GET /config/domain_management/domains. . . . . . . . . . . . . . . . . . . . . . 827POST /config/domain_management/domains . . . . . . . . . . . . . . . . . . . . . 829GET /config/domain_management/domains/{domain_id} . . . . . . . . . . . . . . . . . 830POST /config/domain_management/domains/{domain_id}. . . . . . . . . . . . . . . . . 831DELETE /config/domain_management/domains/{domain_id}. . . . . . . . . . . . . . . . 833GET /config/event_retention_buckets . . . . . . . . . . . . . . . . . . . . . . . . 834GET /config/event_retention_buckets/{id} . . . . . . . . . . . . . . . . . . . . . . 835POST /config/event_retention_buckets/{id} . . . . . . . . . . . . . . . . . . . . . . 837DELETE /config/event_retention_buckets/{id} . . . . . . . . . . . . . . . . . . . . . 838DELETE /config/event_sources/custom_properties/calculated_properties/{calculated_property_id} . . . 838GET /config/event_sources/custom_properties/calculated_properties/{calculated_property_id}/dependents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 840GET /config/event_sources/custom_properties/calculated_properties/{calculated_property_id}. . . . . 842POST /config/event_sources/custom_properties/calculated_properties/{calculated_property_id} . . . . 843GET /config/event_sources/custom_properties/calculated_properties . . . . . . . . . . . . . 846POST /config/event_sources/custom_properties/calculated_properties . . . . . . . . . . . . . 847GET /config/event_sources/custom_properties/calculated_property_delete_tasks/{task_id} . . . . . . 849GET /config/event_sources/custom_properties/calculated_property_dependent_tasks/{task_id} . . . . 
851POST /config/event_sources/custom_properties/calculated_property_dependent_tasks/{task_id} . . . . 853GET /config/event_sources/custom_properties/calculated_property_dependent_tasks/{task_id}/results 855GET /config/event_sources/custom_properties/calculated_property_operands . . . . . . . . . . 857GET /config/event_sources/custom_properties/property_expressions . . . . . . . . . . . . . 857POST /config/event_sources/custom_properties/property_expressions . . . . . . . . . . . . . 859GET /config/event_sources/custom_properties/property_expressions/{expression_id} . . . . . . . . 861POST /config/event_sources/custom_properties/property_expressions/{expression_id} . . . . . . . 862DELETE /config/event_sources/custom_properties/property_expressions/{expression_id} . . . . . . 864DELETE /config/event_sources/custom_properties/property_json_expressions/{expression_id}. . . . . 864GET /config/event_sources/custom_properties/property_json_expressions/{expression_id} . . . . . . 865POST /config/event_sources/custom_properties/property_json_expressions/{expression_id}. . . . . . 867GET /config/event_sources/custom_properties/property_json_expressions . . . . . . . . . . . 869POST /config/event_sources/custom_properties/property_json_expressions . . . . . . . . . . . 871GET /config/event_sources/custom_properties/regex_properties . . . . . . . . . . . . . . . 873POST /config/event_sources/custom_properties/regex_properties . . . . . . . . . . . . . . 875GET /config/event_sources/custom_properties/regex_properties/{regex_property_id} . . . . . . . . 877POST /config/event_sources/custom_properties/regex_properties/{regex_property_id} . . . . . . . 878DELETE /config/event_sources/custom_properties/regex_properties/{regex_property_id} . . . . . . 880GET /config/event_sources/custom_properties/regex_properties/{regex_property_id}/dependents . . . 882GET /config/event_sources/custom_properties/regex_property_delete_tasks/{task_id} . . . . . . . 
884GET /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id} . . . . . . 885POST /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id}. . . . . . 888GET /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id}/results . . . 891GET /config/event_sources/event_collectors . . . . . . . . . . . . . . . . . . . . . . 893GET /config/event_sources/event_collectors/{id} . . . . . . . . . . . . . . . . . . . . 894GET /config/event_sources/log_source_management/autodetection/config_records/{config_id} . . . . 895POST /config/event_sources/log_source_management/autodetection/config_records/{config_id} . . . . 896GET /config/event_sources/log_source_management/autodetection/config_records . . . . . . . . 897GET /config/event_sources/log_source_management/log_source_extensions . . . . . . . . . . . 898GET /config/event_sources/log_source_management/log_source_extensions/{id} . . . . . . . . . 899GET /config/event_sources/log_source_management/log_source_groups . . . . . . . . . . . . 900GET /config/event_sources/log_source_management/log_source_groups/{id} . . . . . . . . . . 901GET /config/event_sources/log_source_management/log_source_languages . . . . . . . . . . . 902GET /config/event_sources/log_source_management/log_source_languages/{id} . . . . . . . . . 903GET /config/event_sources/log_source_management/log_source_types. . . . . . . . . . . . . 904DELETE /config/event_sources/log_source_management/log_source_types/{id} . . . . . . . . . 905GET /config/event_sources/log_source_management/log_source_types/{id} . . . . . . . . . . . 906POST /config/event_sources/log_source_management/log_source_types/{id} . . . . . . . . . . 907POST /config/event_sources/log_source_management/log_source_types . . . . . . . . . . . . 909GET /config/event_sources/log_source_management/log_sources . . . . . . . . . . . . . . 911

    Contents xiii

      DELETE /config/event_sources/log_source_management/log_sources/{id}
      GET /config/event_sources/log_source_management/log_sources/{id}
      POST /config/event_sources/log_source_management/log_sources/{id}
      POST /config/event_sources/log_source_management/log_sources
      GET /config/event_sources/log_source_management/protocol_types
      GET /config/event_sources/log_source_management/protocol_types/{id}
      GET /config/event_sources/property_discovery_profiles
      DELETE /config/event_sources/property_discovery_profiles/{id}
      GET /config/event_sources/property_discovery_profiles/{id}
      POST /config/event_sources/property_discovery_profiles/{id}
      POST /config/event_sources/property_discovery_profiles
      GET /config/event_sources/wincollect/wincollect_agents
      GET /config/event_sources/wincollect/wincollect_agents/{id}
      GET /config/event_sources/wincollect/wincollect_destinations
      GET /config/event_sources/wincollect/wincollect_destinations/{id}
      GET /config/extension_management/extensions
      POST /config/extension_management/extensions
      GET /config/extension_management/extensions/{extension_id}
      POST /config/extension_management/extensions/{extension_id}/metadata
      POST /config/extension_management/extensions/{extension_id}
      DELETE /config/extension_management/extensions/{extension_id}
      GET /config/extension_management/extensions_task_status/{status_id}
      GET /config/extension_management/extensions_task_status/{status_id}/results
      GET /config/flow_retention_buckets
      DELETE /config/flow_retention_buckets/{id}
      GET /config/flow_retention_buckets/{id}
      POST /config/flow_retention_buckets/{id}
      DELETE /config/flow_sources/custom_properties/calculated_properties/{calculated_property_id}
      GET /config/flow_sources/custom_properties/calculated_properties/{calculated_property_id}/dependents
      GET /config/flow_sources/custom_properties/calculated_properties/{calculated_property_id}
      POST /config/flow_sources/custom_properties/calculated_properties/{calculated_property_id}
      GET /config/flow_sources/custom_properties/calculated_properties
      POST /config/flow_sources/custom_properties/calculated_properties
      GET /config/flow_sources/custom_properties/calculated_property_delete_tasks/{task_id}
      GET /config/flow_sources/custom_properties/calculated_property_dependent_tasks/{task_id}
      POST /config/flow_sources/custom_properties/calculated_property_dependent_tasks/{task_id}
      GET /config/flow_sources/custom_properties/calculated_property_dependent_tasks/{task_id}/results
      GET /config/flow_sources/custom_properties/calculated_property_operands
      DELETE /config/flow_sources/custom_properties/property_expressions/{expression_id}
      GET /config/flow_sources/custom_properties/property_expressions/{expression_id}
      POST /config/flow_sources/custom_properties/property_expressions/{expression_id}
      GET /config/flow_sources/custom_properties/property_expressions
      POST /config/flow_sources/custom_properties/property_expressions
      GET /config/flow_sources/custom_properties/regex_properties
      POST /config/flow_sources/custom_properties/regex_properties
      GET /config/flow_sources/custom_properties/regex_properties/{regex_property_id}
      POST /config/flow_sources/custom_properties/regex_properties/{regex_property_id}
      DELETE /config/flow_sources/custom_properties/regex_properties/{regex_property_id}
      GET /config/flow_sources/custom_properties/regex_properties/{regex_property_id}/dependents
      GET /config/flow_sources/custom_properties/regex_property_delete_tasks/{task_id}
      GET /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id}
      POST /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id}
      GET /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id}/results
      GET /config/global_system_notifications
      GET /config/global_system_notifications/{notification_id}
      GET /config/network_hierarchy/networks
      GET /config/network_hierarchy/staged_networks
      PUT /config/network_hierarchy/staged_networks
      GET /config/remote_networks
      GET /config/remote_networks/{network_id}
      GET /config/remote_services

      GET /config/remote_services/{service_id}
      GET /config/resource_restrictions
      POST /config/resource_restrictions
      GET /config/resource_restrictions/{resource_restriction_id}
      DELETE /config/resource_restrictions/{resource_restriction_id}
      PUT /config/resource_restrictions/{resource_restriction_id}
      GET /config/store_and_forward/policies
      GET /config/store_and_forward/policies/{id}
      POST /config/store_and_forward/policies/{id}
      DELETE /config/store_and_forward/policies/{id}

    Data classification endpoints
      GET /data_classification/dsm_event_mappings
      POST /data_classification/dsm_event_mappings
      GET /data_classification/dsm_event_mappings/{dsm_event_mapping_id}
      POST /data_classification/dsm_event_mappings/{dsm_event_mapping_id}
      GET /data_classification/high_level_categories
      GET /data_classification/high_level_categories/{high_level_category_id}
      GET /data_classification/low_level_categories
      GET /data_classification/low_level_categories/{low_level_category_id}
      GET /data_classification/qid_records
      POST /data_classification/qid_records
      GET /data_classification/qid_records/{qid_record_id}
      POST /data_classification/qid_records/{qid_record_id}

    Forensics endpoints
      GET /forensics/capture/recoveries
      POST /forensics/capture/recoveries
      GET /forensics/capture/recoveries/{id}
      GET /forensics/capture/recovery_tasks
      GET /forensics/capture/recovery_tasks/{id}
      GET /forensics/case_management/case_create_tasks/{id}
      GET /forensics/case_management/cases
      POST /forensics/case_management/cases
      GET /forensics/case_management/cases/{id}

    GUI application framework endpoints
      GET /gui_app_framework/application_creation_task
      POST /gui_app_framework/application_creation_task
      GET /gui_app_framework/application_creation_task/{application_id}/auth
      POST /gui_app_framework/application_creation_task/{application_id}/auth
      GET /gui_app_framework/application_creation_task/{application_id}
      POST /gui_app_framework/application_creation_task/{application_id}
      GET /gui_app_framework/applications
      GET /gui_app_framework/applications/{application_id}
      POST /gui_app_framework/applications/{application_id}
      PUT /gui_app_framework/applications/{application_id}
      DELETE /gui_app_framework/applications/{application_id}
      GET /gui_app_framework/named_services
      GET /gui_app_framework/named_services/{uuid}

    Health data endpoints
      GET /health_data/security_data_count
      GET /health_data/top_offenses
      GET /health_data/top_rules

    Help endpoints
      GET /help/endpoints
      GET /help/endpoints/{endpoint_id}
      GET /help/resources
      GET /help/resources/{resource_id}
      GET /help/versions
      GET /help/versions/{version_id}

    IBM QRadar Network Insights endpoints
      GET /qni/hosts/{host_id}/configs
      POST /qni/hosts/{host_id}/configs/{id}

      GET /qni/stacking/stacks
      POST /qni/stacking/stacks
      DELETE /qni/stacking/stacks/{stack_id}
      GET /qni/stacking/stacks/{stack_id}
      POST /qni/stacking/stacks/{stack_id}
      GET /qni/stacking/standalone_hosts

    IBM Security QRadar Risk Manager endpoints
      GET /qrm/model_groups
      GET /qrm/model_groups/{group_id}
      POST /qrm/model_groups/{group_id}
      DELETE /qrm/model_groups/{group_id}
      GET /qrm/qrm_saved_search_groups
      GET /qrm/qrm_saved_search_groups/{group_id}
      POST /qrm/qrm_saved_search_groups/{group_id}
      DELETE /qrm/qrm_saved_search_groups/{group_id}
      GET /qrm/question_groups
      GET /qrm/question_groups/{group_id}
      POST /qrm/question_groups/{group_id}
      DELETE /qrm/question_groups/{group_id}
      GET /qrm/simulation_groups
      GET /qrm/simulation_groups/{group_id}
      POST /qrm/simulation_groups/{group_id}
      DELETE /qrm/simulation_groups/{group_id}
      GET /qrm/topology_saved_search_groups
      GET /qrm/topology_saved_search_groups/{group_id}
      POST /qrm/topology_saved_search_groups/{group_id}
      DELETE /qrm/topology_saved_search_groups/{group_id}

    QRadar Vulnerability Manager endpoints
      GET /qvm/assets
      GET /qvm/filters
      GET /qvm/network
      GET /qvm/openservices
      GET /qvm/saved_search_groups
      GET /qvm/saved_search_groups/{group_id}
      POST /qvm/saved_search_groups/{group_id}
      DELETE /qvm/saved_search_groups/{group_id}
      GET /qvm/saved_searches
      GET /qvm/saved_searches/vuln_instances/{task_id}/results/assets
      GET /qvm/saved_searches/vuln_instances/{task_id}/results/vuln_instances
      GET /qvm/saved_searches/vuln_instances/{task_id}/results/vulnerabilities
      GET /qvm/saved_searches/vuln_instances/{task_id}/status
      POST /qvm/saved_searches/vuln_instances/{task_id}/status
      GET /qvm/saved_searches/{saved_search_id}
      POST /qvm/saved_searches/{saved_search_id}
      DELETE /qvm/saved_searches/{saved_search_id}
      GET /qvm/saved_searches/{saved_search_id}/vuln_instances
      POST /qvm/tickets/assign
      GET /qvm/vulns

    Reference data endpoints
      GET /reference_data/map_delete_tasks/{task_id}
      GET /reference_data/map_dependent_tasks/{task_id}
      POST /reference_data/map_dependent_tasks/{task_id}
      GET /reference_data/map_dependent_tasks/{task_id}/results
      GET /reference_data/map_of_sets
      POST /reference_data/map_of_sets
      POST /reference_data/map_of_sets/bulk_load/{name}
      GET /reference_data/map_of_sets/{name}
      POST /reference_data/map_of_sets/{name}
      DELETE /reference_data/map_of_sets/{name}
      GET /reference_data/map_of_sets/{name}/dependents
      DELETE /reference_data/map_of_sets/{name}/{key}

      GET /reference_data/map_of_sets_delete_tasks/{task_id}
      GET /reference_data/map_of_sets_dependent_tasks/{task_id}
      POST /reference_data/map_of_sets_dependent_tasks/{task_id}
      GET /reference_data/map_of_sets_dependent_tasks/{task_id}/results
      GET /reference_data/maps
      POST /reference_data/maps
      POST /reference_data/maps/bulk_load/{name}
      GET /reference_data/maps/{name}
      POST /reference_data/maps/{name}
      DELETE /reference_data/maps/{name}
      GET /reference_data/maps/{name}/dependents
      DELETE /reference_data/maps/{name}/{key}
      GET /reference_data/set_delete_tasks/{task_id}
      GET /reference_data/set_dependent_tasks/{task_id}
      POST /reference_data/set_dependent_tasks/{task_id}
      GET /reference_data/set_dependent_tasks/{task_id}/results
      GET /reference_data/sets
      POST /reference_data/sets
      POST /reference_data/sets/bulk_load/{name}
      GET /reference_data/sets/{name}
      POST /reference_data/sets/{name}
      DELETE /reference_data/sets/{name}
      DELETE /reference_data/sets/{name}/{value}
      GET /reference_data/sets/{name}/dependents
      GET /reference_data/tables_delete_tasks/{task_id}
      GET /reference_data/tables_dependent_tasks/{task_id}
      POST /reference_data/tables_dependent_tasks/{task_id}
      GET /reference_data/tables_dependent_tasks/{task_id}/results
      POST /reference_data/tables/bulk_load/{name}
      GET /reference_data/tables
      GET /reference_data/tables/{name}
      POST /reference_data/tables/{name}
      DELETE /reference_data/tables/{name}
      GET /reference_data/tables/{name}/dependents
      DELETE /reference_data/tables/{name}/{outer_key}/{inner_key}
      POST /reference_data/tables

    Scanner endpoints
      GET /scanner/profiles
      POST /scanner/profiles/create
      POST /scanner/profiles/start
      GET /scanner/scanprofiles
      POST /scanner/scanprofiles
      GET /scanner/scanprofiles/{profileid}
      POST /scanner/scanprofiles/{profileid}
      DELETE /scanner/scanprofiles/{profileid}
      GET /scanner/scanprofiles/{profileid}/runs
      GET /scanner/scanprofiles/{profileid}/runs/{run_id}
      GET /scanner/scanprofiles/{profileid}/runs/{run_id}/results
      POST /scanner/scanprofiles/{profileid}/start

    Services endpoints
      POST /services/dig_lookups
      GET /services/dig_lookups/{dig_lookup_id}
      POST /services/dns_lookups
      GET /services/dns_lookups/{dns_lookup_id}
      GET /services/geolocations
      POST /services/port_scans
      GET /services/port_scans/{port_scan_id}
      POST /services/whois_lookups
      GET /services/whois_lookups/{whois_lookup_id}

    SIEM endpoints
      GET /siem/local_destination_addresses

      GET /siem/local_destination_addresses/{local_destination_address_id}
      GET /siem/offense_closing_reasons
      POST /siem/offense_closing_reasons
      GET /siem/offense_closing_reasons/{closing_reason_id}
      GET /siem/offense_saved_search_delete_tasks/{task_id}
      GET /siem/offense_saved_search_dependent_tasks/{task_id}
      POST /siem/offense_saved_search_dependent_tasks/{task_id}
      GET /siem/offense_saved_search_dependent_tasks/{task_id}/results
      GET /siem/offense_saved_search_groups
      GET /siem/offense_saved_search_groups/{group_id}
      POST /siem/offense_saved_search_groups/{group_id}
      DELETE /siem/offense_saved_search_groups/{group_id}
      GET /siem/offense_saved_searches
      GET /siem/offense_saved_searches/{id}
      POST /siem/offense_saved_searches/{id}
      DELETE /siem/offense_saved_searches/{id}
      GET /siem/offense_saved_searches/{id}/dependents
      GET /siem/offenses
      GET /siem/offenses/{offense_id}
      GET /siem/offenses/{offense_id}/notes
      GET /siem/offenses/{offense_id}/notes/{note_id}
      POST /siem/offenses/{offense_id}/notes
      POST /siem/offenses/{offense_id}
      GET /siem/offense_types
      GET /siem/offense_types/{offense_type_id}
      GET /siem/source_addresses
      GET /siem/source_addresses/{source_address_id}

    Staged configuration endpoints
      GET /staged_config/access/user_delete_tasks/{task_id}
      GET /staged_config/access/users
      DELETE /staged_config/access/users/{id}
      GET /staged_config/access/users/{id}
      GET /staged_config/deploy_status
      POST /staged_config/deploy_status
      GET /staged_config/deployment/hosts
      GET /staged_config/deployment/hosts/{id}
      GET /staged_config/global_system_notifications
      GET /staged_config/global_system_notifications/{notification_id}
      POST /staged_config/global_system_notifications/{notification_id}
      GET /staged_config/remote_networks
      POST /staged_config/remote_networks
      GET /staged_config/remote_networks/{network_id}
      POST /staged_config/remote_networks/{network_id}
      DELETE /staged_config/remote_networks/{network_id}
      GET /staged_config/remote_services
      POST /staged_config/remote_services
      GET /staged_config/remote_services/{service_id}
      POST /staged_config/remote_services/{service_id}
      DELETE /staged_config/remote_services/{service_id}
      DELETE /staged_config/yara_rules
      PUT /staged_config/yara_rules

    System endpoints
      GET /system/authorization/password_policies
      GET /system/authorization/password_policies/{id}
      POST /system/authorization/password_policies/{id}
      POST /system/authorization/password_validators
      GET /system/information/encodings
      GET /system/information/locales
      GET /system/servers
      GET /system/servers/{server_id}
      POST /system/servers/{server_id}

      GET /system/servers/{server_id}/firewall_rules
      PUT /system/servers/{server_id}/firewall_rules
      GET /system/servers/{server_id}/network_interfaces/bonded
      POST /system/servers/{server_id}/network_interfaces/bonded
      POST /system/servers/{server_id}/network_interfaces/bonded/{device_name}
      DELETE /system/servers/{server_id}/network_interfaces/bonded/{device_name}
      GET /system/servers/{server_id}/network_interfaces/ethernet
      POST /system/serv