Accessing Report Data by using QRadar Use Case Manager APIs

As an alternative to using the interface in QRadar Use Case Manager, you can use APIs to download report data to CSV or JSON files. Try using the interactive API documentation interface to test the APIs before you use them in your scripts.

From the Admin tab, click Apps > QRadar Use Case Manager > API Docs.
Select a workflow to use. For more information, see Public Use Case Manager API Workflows.
Click Try it out and then complete the request parameters for the selected workflow. For more information, see Use Case Explorer Filters and Report Column Codes for Report APIs.
Click Execute to send the API request to your console and receive a properly formatted HTTPS response.
Review and gather the information that you need to integrate with QRadar.

Review the endpoint workflows and try the example script or use the script as a base for your own scripts. Use the filters and report columns that make sense for your environment and needs.

Public Use Case Manager API Workflows

Use these workflows to download report data to CSV or JSON files.
Example API Workflow Script

Use the script in this example to download a Use Case Explorer report in CSV format.
Use Case Explorer Filters

Use these filters in the example script to download a Use Case Explorer report in CSV format.
Report Column Codes for Report APIs

Use the report column codes in the tables in the following APIs: POST

/api/rules_explorer/{reportId}/download_csv, POST

/api/rules_explorer/{reportId}/download_json, or GET /api/rules_explorer/{reportId}/result.