IBM QRadar: Developing QRadar Applications: Difference between revisions

No edit summary
 
(14 intermediate revisions by the same user not shown)
Line 1: Line 1:
= Developing QRadar Applications =
Some QRadar applications require additional dependencies to be installed.  
 
Some QRadar applications require additional dependencies to be installed. When this is the case, it will be clearly outlined in the app’s `README.md` file.


Before starting, ensure your system has the following installed:
Before starting, ensure your system has the following installed:
Line 7: Line 5:
* Python 3.x and pip
* Python 3.x and pip
* Docker (preferably Docker-CE)
* Docker (preferably Docker-CE)
* '''QRadar App SDK v2 — Current version: 2.2.3'''
* QRadar App SDK v2 — '''Current version: 2.2.3'''
 
You can check the QRadar App SDK compatibility here [https://ibmsecuritydocs.github.io/qradar_appfw_v2/docs/documentation/qradar_app_base_image_changelog.html QRadar App Base Images]


== Preparing Your Environment ==
== Preparing Your Environment ==
Line 20: Line 20:
sudo dnf install pass
sudo dnf install pass
</pre>
</pre>
for other versions check here [https://docs.docker.com/get-started/get-docker/ Get Docker]


2) Remove Podman or ContainerD if already installed (they conflict with Docker):
2) Remove Podman or ContainerD if already installed (they conflict with Docker):


<pre>
<pre>
sudo dnf remove podman runc
sudo dnf -y remove podman runc
</pre>
</pre>


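Review bot: in step 2, `sudo dnf -y remove podman runc` now auto-confirms the removal, so anything dnf takes out along with podman and runc is removed without the reader seeing the transaction summary. I would keep this step interactive (no `-y`), or tell the reader to check for Podman containers in use before running it. Separately, the added "for other versions check here" line starts lowercase and sits after the closing `</pre>` of step 1 with no step number, so it reads as the start of step 2; move it above the step 1 commands or word it as a note.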
Line 30: Line 32:


<pre>
<pre>
sudo dnf install docker-ce docker-ce-cli containerd.io
sudo dnf -y install docker-ce docker-ce-cli containerd.io
</pre>
</pre>


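Review bot: with `-y` on `sudo dnf -y install docker-ce docker-ce-cli containerd.io`, dnf also answers yes to any repository GPG key import prompt on a first install, so the signing key is trusted without the reader ever seeing its fingerprint. Suggest leaving this install interactive, or adding a line that has the reader import and verify the repository key before this command.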
Line 52: Line 54:
1) Download the SDK from IBM X-Force Exchange:
1) Download the SDK from IBM X-Force Exchange:


[https://exchange.xforce.ibmcloud.com/hub/extension/517ff786d70b6dfa39dde485af6cbc8b QRadar App SDK 2.2.3]
:[https://exchange.xforce.ibmcloud.com/hub/extension/517ff786d70b6dfa39dde485af6cbc8b QRadar App SDK]
 
Current version is 2.2.3


2) Extract the SDK package:
2) Extract the SDK package:
Line 85: Line 89:
</pre>
</pre>


2) Update the `manifest.json` file to change the base image, if necessary:
2) Update the '''manifest.json''' file to change the base image, if necessary:


<pre>
<pre>
Line 100: Line 104:


This will start the application locally for testing purposes.
This will start the application locally for testing purposes.
The output must provide a url, in my case <nowiki>http://localhost:32768/</nowiki>, open your browser and access it.
====Tip====
if this previous step work, you can check if container is running
<small><nowiki>$ docker ps
CONTAINER ID  IMAGE              COMMAND    CREATED      STATUS      PORTS                  NAMES
ad02f6d95922  helloworld        "sh /opt"  2 hours ago  Up 2 hours  0.0.0.0:32768->5000/tcp qradar-helloworld</nowiki></small>
And check images
<small><nowiki>$ docker images
REPOSITORY                                                    TAG      IMAGE ID      CREATED        SIZE
helloworld                                                    latest    1a55448eb20d  2 hours ago    388MB
icr.io/qradar-siem-release/gaf/qradar-app-base                4.0.9    69c0c5539b12  4 months ago    388MB
docker-release.secintel.intranet.ibm.com/gaf/qradar-app-base  2.1.23    36e712cf0105  12 months ago  358MB</nowiki></small>


== Packaging and Deploying to QRadar ==
== Packaging and Deploying to QRadar ==
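Review bot: the added `docker ps` output shows `0.0.0.0:32768->5000/tcp`, which means the app port is published on all interfaces, while the sentence above it only mentions `http://localhost:32768/`; add a line saying the test app is reachable from other hosts unless the workstation firewall blocks the port. Also in this Tip: it uses `<small><nowiki>` where the rest of the page uses `<pre>`, the `====Tip====` heading skips a level under a `==` section, and "if this previous step work" should read "If the previous step worked".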
Line 120: Line 144:
qapp deploy -p app.zip -q 192.168.42.150 -u admin
qapp deploy -p app.zip -q 192.168.42.150 -u admin
</pre>
</pre>
= Ver também =
* [[IBM QRadar| Artigos sobre IBM QRadar]]
* [[Cloud| Artigos sobre Cloud]]
* [[Tecnologias|  Mais Artigos sobre Cloud / WebDev / Tecnologias]]
[[Category:IBM QRadar]]

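Review bot: the new "Ver também" section and its link labels are in Portuguese on an otherwise English page, and it is added with a top-level `=` heading while the other sections visible here use `==`. Suggest `== See also ==` with English labels ("IBM QRadar articles", "Cloud articles"), and checking that the third label, which repeats "Cloud", matches its `[[Tecnologias]]` target.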
Latest revision as of 14:31, 28 July 2025

Some QRadar applications require additional dependencies to be installed.

Before starting, ensure your system has the following installed:

  • Python 3.x and pip
  • Docker (preferably Docker-CE)
  • QRadar App SDK v2 — Current version: 2.2.3

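You can check QRadar App SDK compatibility here: QRadar App Base Images (https://ibmsecuritydocs.github.io/qradar_appfw_v2/docs/documentation/qradar_app_base_image_changelog.html)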

Preparing Your Environment

Installing Docker on RHEL/CentOS 8

1) Enable required repositories and install dependencies:

sudo subscription-manager repos --enable codeready-builder-for-rhel-8-$(arch)-rpms
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo dnf install pass

For other versions, see Get Docker (https://docs.docker.com/get-started/get-docker/).

2) Remove Podman or ContainerD if already installed (they conflict with Docker):

sudo dnf -y remove podman runc

3) Install Docker-CE:

sudo dnf -y install docker-ce docker-ce-cli containerd.io

4) Enable and start the Docker service:

sudo systemctl enable docker
sudo systemctl start docker

5) Add your user to the docker group:

sudo usermod -aG docker <YOUR_USER>

Note: You must log out and log back in for this change to take effect.

Installing the QRadar App SDK

1) Download the SDK from IBM X-Force Exchange:

QRadar App SDK (https://exchange.xforce.ibmcloud.com/hub/extension/517ff786d70b6dfa39dde485af6cbc8b)

Current version is 2.2.3

2) Extract the SDK package:

mkdir SDK
cd SDK
unzip QRadarAppSDK-2.2.3.zip

3) Run the installer script:

sudo ./install.sh

This script installs the `qapp` CLI tool to `/usr/local/bin/`.

Verify the installation:

qapp --version

Cloning Sample Applications

1) Clone IBM’s sample applications repository:

git clone https://github.com/IBM/qradar-sample-apps.git
cd qradar-sample-apps/HelloWorld

2) Update the manifest.json file to change the base image, if necessary:

"image": "qradar-app-base:4.0.0",

Running the Application Locally

Run the HelloWorld app in a local Docker container:

qapp run

This will start the application locally for testing purposes.

The output must provide a URL (in my case http://localhost:32768/); open it in your browser.

Tip

If the previous step worked, you can check that the container is running:

$ docker ps

 CONTAINER ID   IMAGE              COMMAND     CREATED       STATUS       PORTS                   NAMES
 ad02f6d95922   helloworld         "sh /opt"   2 hours ago   Up 2 hours   0.0.0.0:32768->5000/tcp qradar-helloworld

And check the images:

$ docker images

 REPOSITORY                                                     TAG       IMAGE ID       CREATED         SIZE
 helloworld                                                     latest    1a55448eb20d   2 hours ago     388MB
 icr.io/qradar-siem-release/gaf/qradar-app-base                 4.0.9     69c0c5539b12   4 months ago    388MB
 docker-release.secintel.intranet.ibm.com/gaf/qradar-app-base   2.1.23    36e712cf0105   12 months ago   358MB
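
The `docker ps` line above shows the app port bound to 0.0.0.0, so Docker publishes it on every interface of the workstation, not only on localhost. As an added example (not part of the original page or of the QRadar SDK), this Python code parses the output of `docker ps --format '{{.Names}}\t{{.Ports}}'` and lists such mappings; the sample text is constructed, and the container names other than qradar-helloworld are hypothetical.

```python
# Added example: flag container ports that Docker publishes on every interface.
# Feed it the text printed by: docker ps --format '{{.Names}}\t{{.Ports}}'

WILDCARD_HOSTS = {"0.0.0.0", "::"}  # IPv4 and IPv6 "all interfaces"


def parse_ports(ports_field):
    """Yield (host_ip, host_port, container_port) for each published mapping."""
    for entry in filter(None, (e.strip() for e in ports_field.split(","))):
        if "->" not in entry:
            continue  # exposed by the image but not published on the host
        host, target = entry.split("->", 1)
        # rpartition keeps IPv6 forms such as ":::32768" or "[::]:32768" intact
        host_ip, _, host_port = host.rpartition(":")
        yield host_ip.strip("[]"), host_port, target


def world_reachable(ps_output):
    """Return sorted (name, host_port, container_port) bound to a wildcard address."""
    findings = set()  # a set, so an IPv4 + IPv6 pair for one port is reported once
    for line in ps_output.splitlines():
        if not line.strip():
            continue
        name, _, ports = line.partition("\t")
        for host_ip, host_port, target in parse_ports(ports):
            if host_ip in WILDCARD_HOSTS:
                findings.add((name.strip(), host_port, target))
    return sorted(findings)


# Constructed sample: the first mapping mirrors the page's `docker ps` output,
# the IPv6 mapping and the other two containers are hypothetical.
SAMPLE = (
    "qradar-helloworld\t0.0.0.0:32768->5000/tcp, :::32768->5000/tcp\n"
    "local-only\t127.0.0.1:8080->5000/tcp\n"
    "unpublished\t5000/tcp\n"
)

if __name__ == "__main__":
    for name, host_port, target in world_reachable(SAMPLE):
        print(f"{name}: host port {host_port} -> {target} is published on all interfaces")
```

A container that appears in the result is reachable from other hosts on the network unless the workstation firewall blocks that host port.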

Packaging and Deploying to QRadar

1) Create a deployment package:

 qapp package -p app.zip

2) Deploy the application to a QRadar instance:

qapp deploy -p app.zip -q <QRADAR_IP> -u <USERNAME>

Example:

qapp deploy -p app.zip -q 192.168.42.150 -u admin
