I'm working on a script to assign offenses to my analysts based on the offense category. The /siem/offenses API lists out a very granular category listing. Is there a way to get the high-level category via the API? The example below is from a vulnerability scanner. I want the high level as shown in the screenshot.
"categories": ["Access Denied", "Session Denied", "Network Sweep", "Misc Recon Event", "Firewall Deny", "Suspicious Pattern Detected", "Suspicious Activity", "User Time", "IRC/IM Policy Violation", "Chat", "Web", "File Transfer", "Potential Worm Activity", "Data Transfer", "Data Loss Possible", "Remote Access", "Host Port Scan", "Host Login Succeeded", "Firewall Permit", "Windows Reconnaissance"]
Answer by Jason Keirstead (IBM) (848) | Sep 02, 2016 at 09:49 AM
Hi @JThur - unfortunately, currently you cannot access the high-level categories of an offense via the API; only the low-level categories are shown.
I would suggest you log a Request For Enhancement for this feature at https://www.ibm.com/developerworks/rfe/execute?use_case=changeRequestLanding&BRAND_ID=301&PROD_ID=800&x=24&y=7 so that it can be added to the product.
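Since the API only returns the low-level names, the practical workaround is to keep the low-to-high grouping in a local lookup table and roll each offense up client-side. The script below is an added example, not code from the question or the answer: the LOW_TO_HIGH and QUEUE_BY_HIGH tables are illustrative placeholders that you would populate from your own QRadar category listing, the analyst queue names are hypothetical, and the offense records are constructed samples shaped like the "categories" field quoted in the question. Low-level names missing from the table are routed to a fallback queue rather than silently dropped.

```python
"""Roll QRadar offense low-level categories up to a high-level category and
route each offense to an analyst queue. Added example; not from the original
thread. Mapping and queue names below are illustrative placeholders."""
from collections import Counter
import json
import urllib.request

# ASSUMED low-level -> high-level grouping. Placeholder values for illustration;
# replace with the grouping shown in your own QRadar console.
LOW_TO_HIGH = {
    "Network Sweep": "Recon",
    "Host Port Scan": "Recon",
    "Misc Recon Event": "Recon",
    "Windows Reconnaissance": "Recon",
    "Firewall Deny": "Access",
    "Firewall Permit": "Access",
    "Access Denied": "Access",
    "Session Denied": "Access",
    "Host Login Succeeded": "Authentication",
    "IRC/IM Policy Violation": "Policy",
    "Chat": "Policy",
    "Web": "Policy",
    "File Transfer": "Policy",
    "Suspicious Pattern Detected": "Suspicious Activity",
    "Suspicious Activity": "Suspicious Activity",
}

# Hypothetical analyst queues per high-level category.
QUEUE_BY_HIGH = {
    "Recon": "analyst-recon",
    "Access": "analyst-network",
    "Authentication": "analyst-identity",
    "Policy": "analyst-policy",
    "Suspicious Activity": "analyst-threat",
}
UNMAPPED = "Unmapped"
UNMAPPED_QUEUE = "triage-lead"  # offenses with no mapped category go here


def high_level_counts(categories):
    """Count how many of an offense's low-level categories fall in each high-level one."""
    return Counter(LOW_TO_HIGH.get(c, UNMAPPED) for c in categories)


def primary_high_level(categories):
    """Dominant high-level category for an offense.

    Ties are broken alphabetically so the result is deterministic. Unmapped
    names only win when nothing in the list is mapped at all."""
    counts = high_level_counts(categories)
    if not counts:
        return UNMAPPED
    mapped = {k: v for k, v in counts.items() if k != UNMAPPED}
    pool = mapped or counts
    return sorted(pool.items(), key=lambda kv: (-kv[1], kv[0]))[0][0]


def assign(offense):
    """Return the routing decision for one offense record ({"id", "categories"})."""
    cats = offense.get("categories", [])
    high = primary_high_level(cats)
    return {
        "id": offense["id"],
        "high_level": high,
        "assigned_to": QUEUE_BY_HIGH.get(high, UNMAPPED_QUEUE),
        # surfaced so the table can be extended instead of silently losing them
        "unmapped": sorted(c for c in cats if c not in LOW_TO_HIGH),
    }


def assign_all(offenses):
    return [assign(o) for o in offenses]


def fetch_offenses(console, sec_token, api_version="6.0"):
    """Pull id and categories for open offenses from /api/siem/offenses.

    Not called in the offline demo. Uses the SEC auth-token header and a
    Version header (the version string is an assumption; set it to what your
    console supports). Keep TLS verification on and trust your console's CA."""
    url = (f"https://{console}/api/siem/offenses"
           "?fields=id,categories&filter=status%3D%22OPEN%22")
    req = urllib.request.Request(url, headers={
        "SEC": sec_token, "Version": api_version, "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


# Constructed sample offenses shaped like the API's id/categories fields.
SAMPLE_OFFENSES = [
    {"id": 101, "categories": ["Network Sweep", "Host Port Scan",
                               "Firewall Deny", "Misc Recon Event"]},
    {"id": 102, "categories": ["Access Denied", "Session Denied",
                               "Host Login Succeeded"]},
    {"id": 103, "categories": ["Potential Worm Activity", "Data Loss Possible"]},
]

if __name__ == "__main__":
    for row in assign_all(SAMPLE_OFFENSES):
        print(row)
```

The roll-up picks the most frequent high-level category per offense, which is a reasonable first cut for routing; if you would rather assign on the most severe category, replace the counting in primary_high_level with a priority ranking. Either way, review the "unmapped" field in the output regularly, since every new low-level category QRadar introduces lands there until the table is updated.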