IBM QRadar: Developing QRadar Applications: Difference between revisions
= Developing QRadar Applications =
Some QRadar applications require additional dependencies to be installed. When this is the case, it will be clearly outlined in the app’s `README.md` file.
Before starting, ensure your system has the following installed:
* Python 3.x and pip
* Docker (preferably Docker-CE)
* '''QRadar App SDK v2 — Current version: 2.2.3'''
== Preparing Your Environment ==
=== Installing Docker on RHEL/CentOS 8 ===
1) Enable required repositories and install dependencies:
<pre>
sudo subscription-manager repos --enable codeready-builder-for-rhel-8-$(arch)-rpms
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo dnf install pass
</pre>
2) Remove Podman or ContainerD if already installed (they conflict with Docker):
<pre>
sudo dnf remove podman runc
</pre>
3) Install Docker-CE:
<pre>
sudo dnf install docker-ce docker-ce-cli containerd.io
</pre>
4) Enable and start the Docker service:
<pre>
sudo systemctl enable docker
sudo systemctl start docker
</pre>
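5) Add your user to the docker group:
<pre>
sudo usermod -aG docker <YOUR_USER>
</pre>
''Note: You must log out and log back in for this change to take effect.''
''Note: Members of the docker group can control the Docker daemon, which runs as root, so membership is effectively root-equivalent on the host. Add only accounts you would trust with sudo.''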
=== Installing the QRadar App SDK ===
1) Download the SDK from IBM X-Force Exchange:
[https://exchange.xforce.ibmcloud.com/hub/extension/517ff786d70b6dfa39dde485af6cbc8b QRadar App SDK 2.2.3]
2) Extract the SDK package:
<pre>
mkdir SDK
cd SDK
unzip QRadarAppSDK-2.2.3.zip
</pre>
3) Run the installer script:
<pre>
sudo ./install.sh
</pre>
This script installs the `qapp` CLI tool to `/usr/local/bin/`.
Verify the installation:
<pre>
qapp --version
</pre>
== Cloning Sample Applications ==
1) Clone IBM’s sample applications repository:
<pre>
git clone https://github.com/IBM/qradar-sample-apps.git
cd qradar-sample-apps/HelloWorld
</pre>
2) Update the `manifest.json` file to change the base image, if necessary:
<pre>
"image": "qradar-app-base:4.0.0",
</pre>
== Running the Application Locally ==
Run the HelloWorld app in a local Docker container:
<pre>
qapp run
</pre>
This will start the application locally for testing purposes.
== Packaging and Deploying to QRadar ==
1) Create a deployment package:
<pre>
qapp package -p app.zip
</pre>
2) Deploy the application to a QRadar instance:
<pre>
qapp deploy -p app.zip -q <QRADAR_IP> -u <USERNAME>
</pre>
Example:
<pre>
qapp deploy -p app.zip -q 192.168.42.150 -u admin
</pre>
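A pre-deployment check for the `app.zip` produced by `qapp package`, run before `qapp deploy` uploads it. This is an added example, not part of the QRadar App SDK or the original page: it flags secret-like files in the package and a `manifest.json` whose `image` is not pinned to a tag. It assumes `manifest.json` sits at the archive root; the function names, the file-name patterns and the pinned-tag policy are this example's own choices.

```python
import io
import json
import re
import zipfile

# Example policy (assumed, not exhaustive): files that should not ship in an app package.
SENSITIVE = re.compile(r"(^|/)(\.git/|\.env$|id_rsa$)|\.(pem|key|p12)$")
# An image reference counts as pinned when it ends in an explicit tag other than "latest".
PINNED = re.compile(r"^[\w./:-]+:(?!latest$)[\w.-]+$")


def audit_package(zip_bytes):
    """Return a list of findings for a packaged app; an empty list means clean."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
        for name in names:
            if name.startswith("/") or ".." in name.split("/"):
                findings.append(f"entry escapes the package root: {name}")
            if SENSITIVE.search(name):
                findings.append(f"sensitive file packaged: {name}")
        if "manifest.json" not in names:
            return findings + ["manifest.json missing from package root"]
        try:
            manifest = json.loads(zf.read("manifest.json"))
        except ValueError:
            return findings + ["manifest.json is not valid JSON"]
    image = manifest.get("image") if isinstance(manifest, dict) else None
    if not isinstance(image, str) or not PINNED.match(image):
        findings.append(f"base image missing or not pinned to a tag: {image!r}")
    return findings


def build_sample(files):
    """Build an in-memory zip from {name: text}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in files.items():
            zf.writestr(name, text)
    return buf.getvalue()


# Constructed samples, not real packages.
GOOD = build_sample({"manifest.json": '{"image": "qradar-app-base:4.0.0"}',
                     "app/views.py": "# app code\n"})
BAD = build_sample({"manifest.json": '{"image": "qradar-app-base"}',
                    "app/.env": "TOKEN=constructed", "app/.git/config": ""})

if __name__ == "__main__":
    print(audit_package(GOOD))
    print(*audit_package(BAD), sep="\n")
```

To check a real package, pass the file's bytes: `audit_package(open("app.zip", "rb").read())`.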
Revision as of 12:03, 28 July 2025