An app adds new functionality to the QRadar GUI such as dashboard items, menu buttons, pages, and more. Apps are developed using the QRadar GUI Application Framework.

Tools

QRadar provides APIs, an SDK, and an App Editor.

App Editor

Essentials

Some topics that every developer should know are covered below.

Overview of a QRadar Application

Product documentation:

Troubleshoot your app

If your app is not working as expected, you can troubleshoot by reviewing the app logs.

Memory limits when developing apps

One of the challenges we ran into when developing apps was the memory limit on the Docker containers in the App Framework. As you develop your apps, it pays to think about how you write your code to keep your memory footprint small. Follow the link for recommendations and how to monitor your app's memory usage.

Ensuring Your QRadar Application is Secure

Each application undergoes an individual security review as part of the submission process. The tips and discussion in this article are intended to guide users to the types of items we review and frequently take questions about, to reduce the chance of an app submission being rejected because of common issues.

Special interest

Some applications have specialized requirements, like running a background service. This topic and other specialized topics are covered below.

How to execute JavaScript in a dashboard item

Some app developers will want to execute JavaScript within a dashboard item. Because of the way the HTML in a dashboard item is handled, this has to be done in a specific way. See the link for details on how to accomplish this.

Using the App framework to build your own Protocol

A protocol is the mechanism that is used as part of a log source to get data into QRadar. Common examples of this are our Syslog, Log File, and WinCollect protocols. Modern services and applications often allow users to retrieve events or subscribe to event feeds via a REST API. You can create an App that acts as an API connector to get events via your REST API.

Running Background Services in QRadar Apps

The QRadar Application Framework allows you to run complex applications within a QRadar environment. By default, the framework creates and manages a Flask web application instance for you. For a lot of apps, that is all that is required to build a rich and fully-functional QRadar integration. Sometimes, you want to run background services in your application. Maybe it’s a database, a background processing script, or a complex machine learning engine. Getting your application set up to install those services is pretty easy once you get the hang of it!

Want your application to run on QRadar on Cloud (QRoC)?

QRadar on Cloud (QRoC) is a completely managed QRadar instance in IBM Cloud that is maintained by an internal IBM ops team. If you would like your QRadar integration to be available to our QRoC customers, there are a few things you should keep in mind.