We are trying to integrate IBM QRadar SIEM with SailPoint IdentityNow through the IBM QRadar Universal Cloud Connector. We found the following post that talks about this integration:
But the options it describes for integrating IDN with QRadar have old references to APIs that were deprecated.
We are trying to build the workflow XML with a search query, but when we run the test, QRadar does not return any results.
<!--
////////////////////
// Request Events //
////////////////////
-->
<CallEndpoint url="https://${/host}/v3" method="POST" savePath="/search" >
  <BearerAuthentication token="${/get_access_token}" />
  <QueryParameter name="limit" value="50" />
  <QueryParameter name="stream_position" value="${/bookmark}" omitIfEmpty="true"/>
  <RequestHeader name="Content-Type" value="application/json" />
  <RequestHeader name="Accept" value="*/*" />
  <RequestHeader name="Connection" value="keep-alive" />
  <RequestHeader name=" Accept-Encoding" value=" gzip, deflate, br" />
  <RequestBody type="application/json" encoding="UTF-8">
    {
      "indices": [
        "events"
      ],
      "query": {
        "query": "attributes.attributeValue:ORG_ADMIN"
      },
      "filters": {
        "created": {
          "type": "RANGE",
          "range": {
            "lower": {
              "value": "now-1H",
              "inclusive": true
            },
            "upper": {
              "value": "now"
            }
          }
        }
      }
    }
  </RequestBody>
</CallEndpoint>
Thanks for your help.