Skip to content

zoldax/qradarOffenseTools

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
config.txt
config.txt
 
 
qradarOffenseTools.py
qradarOffenseTools.py
 
 
qradarzoldaxlib.py
qradarzoldaxlib.py
 
 

Repository files navigation

🛠️ QRadar Offense Tools

This repository contains qradarOffenseTools.py, a Python script for fetching and displaying QRadar offenses. It provides options to output the data in CSV or JSON format and also allows users to display QRadar system information.

License Commit Views Last commit

📖 Description

qradarOffenseTools.py is a command-line tool designed to interact with the QRadar API to retrieve and display offense data. The tool can output the data in both CSV and JSON formats for further analysis or reporting. Additionally, it can display QRadar system information.

🛠️ Usage

The script can be executed from the command line with various arguments to control its behavior.

1. Display QRadar Offenses

python qradarOffenseTools.py --offense

2. Exporting Offenses to CSV

python qradarOffenseTools.py --offense --format csv --output offenses.csv

3. Exporting Offenses to JSON

python qradarOffenseTools.py --offense --format json --output offenses.json

4. Display QRadar System Information

python qradarOffenseTools.py --version

📦 Requirements

  • Python 3.6 or later
  • Required Python packages:
    • argparse
    • csv
    • json
    • datetime
    • qradarzoldaxlib (custom library for QRadar interactions)

📥 Inputs

  • Command-line arguments to control script behavior
  • Configuration file: config.txt

📤 Outputs

  • Console output for offenses and system information
  • CSV or JSON files for exported offenses

🔑 Functionalities & Key Functions

  • get_offenses(): Fetches offenses from QRadar API.
  • format_timestamp(epoch_millis): Converts epoch milliseconds to a human-readable datetime string.
  • print_offenses(offenses): Prints QRadar offenses to the console.
  • write_offenses_to_csv(offenses, filename): Writes offenses to a CSV file.
  • write_offenses_to_json(offenses, filename): Writes offenses to a JSON file.
  • print_qradar_version(): Displays QRadar system information.

🛠 Configuration: config.txt

Configuration parameters required by the script:

  1. ip_QRadar: IP address of the QRadar instance.
  2. auth: Authentication token for QRadar API access.
  3. Version: API version.
  4. Accept: Accept header value.
  5. verify_ssl: SSL verification (True/False).
  6. ssl_cert_path: Path to SSL certificate.
  7. safety Parameter: Additional safety parameters if any.

🔐 SSL API Connection Support

The script supports SSL API connections by configuring verify_ssl and ssl_cert_path in the config.txt file.

🚫 Error Handling

The script includes robust error handling mechanisms:

  • Network request failures
  • File I/O operations
  • Timestamp conversion errors

Errors are logged using the configured logging level.

📝 Notes

  • Ensure that the config.txt file is properly configured before running the script.
  • The custom library qradarzoldaxlib must be available in the Python path.

📜 Disclaimer

This script is provided "as-is" without any warranties. Use it at your own risk. The authors and Abakus Sécurité are not responsible for any damage or data loss caused by the use of this script.

License

Licensed under the Apache License, Version 2.0. See LICENSE for more details.

About

QRadar Offense Tools (Viewer)

Topics

cybersecurity siem soc qradar offense cybersecurity-tools

Resources

Readme

License

Apache-2.0 license
Activity

Stars

6 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages