IBM QRadar: Developing QRadar Applications: Difference between revisions
(12 intermediate revisions by the same user not shown) | |||
Line 6: | Line 6: | ||
* Docker (preferably Docker-CE) | * Docker (preferably Docker-CE) | ||
* QRadar App SDK v2 — '''Current version: 2.2.3''' | * QRadar App SDK v2 — '''Current version: 2.2.3''' | ||
You can check the QRadar App SDK compatibility here [https://ibmsecuritydocs.github.io/qradar_appfw_v2/docs/documentation/qradar_app_base_image_changelog.html QRadar App Base Images] | |||
== Preparing Your Environment == | == Preparing Your Environment == | ||
Line 18: | Line 20: | ||
sudo dnf install pass | sudo dnf install pass | ||
</pre> | </pre> | ||
for other versions check here [https://docs.docker.com/get-started/get-docker/ Get Docker] | |||
2) Remove Podman or ContainerD if already installed (they conflict with Docker): | 2) Remove Podman or ContainerD if already installed (they conflict with Docker): | ||
<pre> | <pre> | ||
sudo dnf remove podman runc | sudo dnf -y remove podman runc | ||
</pre> | </pre> | ||
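Review bot: The `-y` added to `sudo dnf -y remove podman runc` confirms the transaction without showing it, so any package that depends on podman or runc is removed without the reader seeing the list first. Consider leaving the prompt in place for this removal step, or adding a sentence telling the reader to review what will be removed. The step text also names "ContainerD" while the command removes `podman runc`; the wording and the command should agree.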
Line 28: | Line 32: | ||
<pre> | <pre> | ||
sudo dnf install docker-ce docker-ce-cli containerd.io | sudo dnf -y install docker-ce docker-ce-cli containerd.io | ||
</pre> | </pre> | ||
Line 50: | Line 54: | ||
1) Download the SDK from IBM X-Force Exchange: | 1) Download the SDK from IBM X-Force Exchange: | ||
[https://exchange.xforce.ibmcloud.com/hub/extension/517ff786d70b6dfa39dde485af6cbc8b QRadar App SDK] | :[https://exchange.xforce.ibmcloud.com/hub/extension/517ff786d70b6dfa39dde485af6cbc8b QRadar App SDK] | ||
Current version is 2.2.3 | Current version is 2.2.3 | ||
Line 85: | Line 89: | ||
</pre> | </pre> | ||
2) Update the | 2) Update the '''manifest.json''' file to change the base image, if necessary: | ||
<pre> | <pre> | ||
Line 100: | Line 104: | ||
This will start the application locally for testing purposes. | This will start the application locally for testing purposes. | ||
The output must provide a url, in my case <nowiki>http://localhost:32768/</nowiki>, open your browser and access it. | |||
====Tip==== | |||
if this previous step work, you can check if container is running | |||
<small><nowiki>$ docker ps | |||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES | |||
ad02f6d95922 helloworld "sh /opt" 2 hours ago Up 2 hours 0.0.0.0:32768->5000/tcp qradar-helloworld</nowiki></small> | |||
And check images | |||
<small><nowiki>$ docker images | |||
REPOSITORY TAG IMAGE ID CREATED SIZE | |||
helloworld latest 1a55448eb20d 2 hours ago 388MB | |||
icr.io/qradar-siem-release/gaf/qradar-app-base 4.0.9 69c0c5539b12 4 months ago 388MB | |||
docker-release.secintel.intranet.ibm.com/gaf/qradar-app-base 2.1.23 36e712cf0105 12 months ago 358MB</nowiki></small> | |||
== Packaging and Deploying to QRadar == | == Packaging and Deploying to QRadar == | ||
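Review bot: The new text gives the URL as `http://localhost:32768/`, but the `docker ps` row added in the Tip shows the port published as `0.0.0.0:32768->5000/tcp`, which is a bind on all host interfaces and not only loopback. The Tip should say so, since the test app is reachable from other machines on the network while it runs. Minor wording points in the same hunk: "if this previous step work" should read "If the previous step works", and the port number is specific to the author's run, so note that it will differ.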
Line 120: | Line 144: | ||
qapp deploy -p app.zip -q 192.168.42.150 -u admin | qapp deploy -p app.zip -q 192.168.42.150 -u admin | ||
</pre> | </pre> | ||
= Ver também = | |||
* [[IBM QRadar| Artigos sobre IBM QRadar]] | |||
* [[Cloud| Artigos sobre Cloud]] | |||
* [[Tecnologias| Mais Artigos sobre Cloud / WebDev / Tecnologias]] | |||
[[Category:IBM QRadar]] |
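Review bot: The added `= Ver também =` section uses a level-1 heading and Portuguese link labels, while the rest of the page uses `==` headings and English text. Suggest `== See also ==` with English labels so the section matches the page.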
Latest revision as of 14:31, 28 July 2025
Some QRadar applications require additional dependencies to be installed.
Before starting, ensure your system has the following installed:
- Python 3.x and pip
- Docker (preferably Docker-CE)
- QRadar App SDK v2 — Current version: 2.2.3
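You can check QRadar App SDK compatibility on the QRadar App Base Images page: https://ibmsecuritydocs.github.io/qradar_appfw_v2/docs/documentation/qradar_app_base_image_changelog.html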
Preparing Your Environment
Installing Docker on RHEL/CentOS 8
1) Enable required repositories and install dependencies:
sudo subscription-manager repos --enable codeready-builder-for-rhel-8-$(arch)-rpms
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo dnf install pass
For other versions, see Get Docker: https://docs.docker.com/get-started/get-docker/
2) Remove Podman or ContainerD if already installed (they conflict with Docker):
sudo dnf -y remove podman runc
3) Install Docker-CE:
sudo dnf -y install docker-ce docker-ce-cli containerd.io
4) Enable and start the Docker service:
sudo systemctl enable docker
sudo systemctl start docker
5) Add your user to the docker group:
sudo usermod -aG docker <YOUR_USER>
Note: You must log out and log back in for this change to take effect.
Installing the QRadar App SDK
1) Download the SDK from IBM X-Force Exchange:
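QRadar App SDK: https://exchange.xforce.ibmcloud.com/hub/extension/517ff786d70b6dfa39dde485af6cbc8b
Current version is 2.2.3.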
2) Extract the SDK package:
mkdir SDK
cd SDK
unzip QRadarAppSDK-2.2.3.zip
3) Run the installer script:
sudo ./install.sh
This script installs the `qapp` CLI tool to `/usr/local/bin/`.
Verify the installation:
qapp --version
Cloning Sample Applications
1) Clone IBM’s sample applications repository:
git clone https://github.com/IBM/qradar-sample-apps.git
cd qradar-sample-apps/HelloWorld
2) Update the manifest.json file to change the base image, if necessary:
"image": "qradar-app-base:4.0.0",
Running the Application Locally
Run the HelloWorld app in a local Docker container:
qapp run
This will start the application locally for testing purposes.
The output must provide a URL, in my case http://localhost:32768/; open your browser and access it.
Tip
If the previous step works, you can check whether the container is running:
$ docker ps
CONTAINER ID   IMAGE        COMMAND     CREATED       STATUS       PORTS                     NAMES
ad02f6d95922   helloworld   "sh /opt"   2 hours ago   Up 2 hours   0.0.0.0:32768->5000/tcp   qradar-helloworld
And check the images:
$ docker images
REPOSITORY                                                     TAG      IMAGE ID       CREATED         SIZE
helloworld                                                     latest   1a55448eb20d   2 hours ago     388MB
icr.io/qradar-siem-release/gaf/qradar-app-base                 4.0.9    69c0c5539b12   4 months ago    388MB
docker-release.secintel.intranet.ibm.com/gaf/qradar-app-base   2.1.23   36e712cf0105   12 months ago   358MB
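The PORTS column in the `docker ps` output above shows which host address the test app is published on. The following is an added example, not part of the original page or the QRadar SDK: it parses that column and flags mappings bound to all interfaces. The function names and the second sample row are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify published container ports from
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# Output per mapping: name host_ip host_port container_port scope

# Constructed sample: first row mirrors the qradar-helloworld row shown
# above; the second row is a made-up loopback-only container.
sample_ps() {
  printf 'qradar-helloworld\t0.0.0.0:32768->5000/tcp\n'
  printf 'loopback-only\t127.0.0.1:32769->5000/tcp\n'
}

# Reads "name<TAB>ports" lines on stdin.
classify_ports() {
  awk -F'\t' '
  {
    n = split($2, maps, /, */)             # one container may publish several ports
    for (i = 1; i <= n; i++) {
      m = maps[i]
      if (m !~ /->/) continue              # exposed in the image but not published
      split(m, sides, "->")
      host = sides[1]; cport = sides[2]
      sub(/\/.*/, "", cport)               # drop the "/tcp" suffix
      hport = host; sub(/.*:/, "", hport)  # text after the last colon
      hip = host;   sub(/:[0-9-]+$/, "", hip)
      scope = "RESTRICTED"
      if (hip == "0.0.0.0" || hip == "::" || hip == "[::]") scope = "ALL_INTERFACES"
      print $1, hip, hport, cport, scope
    }
  }'
}

# Names of containers reachable from other hosts, one per line.
exposed_containers() {
  classify_ports | awk '$5 == "ALL_INTERFACES" { print $1 }' | sort -u
}

# Offline demonstration on the constructed sample.
sample_ps | classify_ports
```

On a live host, replace `sample_ps` with `docker ps --format '{{.Names}}\t{{.Ports}}'` and pipe it into `exposed_containers`.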
Packaging and Deploying to QRadar
1) Create a deployment package:
qapp package -p app.zip
2) Deploy the application to a QRadar instance:
qapp deploy -p app.zip -q <QRADAR_IP> -u <USERNAME>
Example:
qapp deploy -p app.zip -q 192.168.42.150 -u admin