POST /analytics/custom_actions/actions
Creates a new custom action with the supplied fields.
- name - Required - String - Unique name of the custom action within the QRadar deployment.
- description - Optional - String - Description of the custom action.
- interpreter - Required - Number - Unique ID of the custom action interpreter used by the custom action.
- script - Required - Number - Unique ID of the custom action script used by the custom action.
- parameters - Required - Array - Array of custom action parameters contained within the custom action. Each Custom action parameter must have the following fields:
- name - Required - String - Name of the custom action parameter. Unique in the context of the parent custom action.
- parameter_type - Required - String - Custom action parameter type. Can be either fixed or dynamic.
- encrypted - Required - Boolean - Designates whether the custom action parameter value field is stored in an encrypted state.True if encrypted, false otherwise.
- value - Required - String - Value of the custom action parameter. Custom action parameters with parameter_type fixed can have any value. Custom action parameters with parameter_type dynamic must have values corresponding to column names in an Ariel database, for example sourceip. Ariel database column names are available through the /api/ariel/databases/{database_name} endpoint.
| MIME Type |
|---|
application/json |
| Parameter | Type | Optionality | Data Type | MIME Type | Description |
|---|---|---|---|---|---|
fields |
header |
Optional |
String |
text/plain |
Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas. |
| Parameter | Data Type | MIME Type | Description | Sample |
|---|---|---|---|---|
custom_action |
Object |
application/json |
Custom action JSON object containing the supplied fields (see above for more details). |
{ "description": "String", "interpreter": 42, "name": "String", "parameters": [ { "encrypted": true, "name": "String", "parameter_type": "String", "value": "String" } ], "script": 42 } |
| HTTP Response Code | Unique Code | Description |
|---|---|---|
201 |
A new custom action has been successfully created. |
|
422 |
1005 |
One or more parameters are invalid in request. |
500 |
1020 |
An internal server error occurred while posting custom action. |
Response Description
- id - Number - Unique ID of the custom action within the QRadar deployment.
- name - String - Unique name of the custom action within the QRadar deployment.
- description - String - Optional description attached to the custom action.
- interpreter - Number - Unique ID of the custom action interpreter used by the custom action.
- script - Number - Unique ID of the custom action script used by the custom action.
- parameters - Array - Array of custom action parameters contained within the custom action. Each Custom action parameter has the following fields:
- name - String - Name of the custom action parameter. Unique in the context of the parent custom action.
- parameter_type - String - Custom action parameter type. Can be either fixed or dynamic.
- encrypted - Boolean - Designates whether the custom action parameter value field is stored in an encrypted state.True if encrypted, false otherwise.
- value - String - Value of the custom action parameter.
Response Sample
{
"description": "String",
"id": 42,
"interpreter": 42,
"name": "String",
"parameters": [
{
"encrypted": true,
"name": "String",
"parameter_type": "String",
"value": "String"
}
],
"script": 42
}