To begin developing a QRadar application you can use the App SDK to create a workspace. This workspace not only creates the folder structure that QRadar expects from an app but also generates code to help with getting started. In fact, by running the create command you have a working application (Hello World). To setup your workspace please follow these steps:
#1 Install the QRadar App SDK
Before you begin, make sure that you have a later version of Python2 installed. It will not work with Python3 and we suggest a later version of Python2.
The SDK is delivered to you as a zip file. Inside that zip there is a README.html file with all the info you need. The common install consists of running either install.bat for a Windows environment or install.sh for a Linux/Mac environment. This will install a few packages and add the ‘qradar_app_creator’ command to your system path.
Special Note for Windows users, if you have multiple versions of Python installed or have Python installed in an uncommon location you can edit the install.bat file on line 36 and add the path to the Python executable you would like to install against.
#2 Create your workspace
The second step in developing your app is getting your workspace setup. We suggest to put your workspace in an easily accessible place with a file path you will remember as you will be needing that path during testing/deploying.
To create your workspace, from the command line, enter:
qradar_app_creator create -w ~/QradarApps/com.me.myApp.1.0.0
~/QradarApps/com.me.myApp.1.0.0 is just a suggested path/workspace name. Note that we prefer apps to have a major.minor.patch versioning system if you chose to publish this app some day.
Once you run this app a folder will be created at the path you provided. The folder structure will resemble this:
#3 Start Developing
You are now ready to begin development of a QRadar app. Please see our other tutorials for the next steps.