IBM QRadar: Developing QRadar Applications: Difference between revisions
m (Ebasso moved page IBM QRadar: Using QRadar SDK to IBM QRadar: Developing QRadar Applications without leaving a redirect)
Revision as of 12:05, 28 July 2025
Some QRadar applications require additional dependencies to be installed.
Before starting, ensure your system has the following installed:
- Python 3.x and pip
- Docker (preferably Docker-CE)
- QRadar App SDK v2 — Current version: 2.2.3
Preparing Your Environment
Installing Docker on RHEL/CentOS 8
1) Enable required repositories and install dependencies:
sudo subscription-manager repos --enable codeready-builder-for-rhel-8-$(arch)-rpms
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo dnf install pass
2) Remove Podman or ContainerD if already installed (they conflict with Docker):
sudo dnf remove podman runc
3) Install Docker-CE:
sudo dnf install docker-ce docker-ce-cli containerd.io
4) Enable and start the Docker service:
sudo systemctl enable docker
sudo systemctl start docker
5) Add your user to the docker group:
sudo usermod -aG docker <YOUR_USER>
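Note: You must log out and log back in for this change to take effect. Members of the docker group can control the Docker daemon, which is equivalent to root access on the host, so add only trusted accounts.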
Installing the QRadar App SDK
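1) Download the SDK from IBM X-Force Exchange:
QRadar App SDK: https://exchange.xforce.ibmcloud.com/hub/extension/517ff786d70b6dfa39dde485af6cbc8b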
Current version is 2.2.3
2) Extract the SDK package:
mkdir SDK
cd SDK
unzip QRadarAppSDK-2.2.3.zip
3) Run the installer script:
sudo ./install.sh
This script installs the `qapp` CLI tool to `/usr/local/bin/`.
Verify the installation:
qapp --version
Cloning Sample Applications
1) Clone IBM’s sample applications repository:
git clone https://github.com/IBM/qradar-sample-apps.git
cd qradar-sample-apps/HelloWorld
2) Update the `manifest.json` file to change the base image, if necessary:
"image": "qradar-app-base:4.0.0",
Running the Application Locally
Run the HelloWorld app in a local Docker container:
qapp run
This will start the application locally for testing purposes.
Packaging and Deploying to QRadar
1) Create a deployment package:
qapp package -p app.zip
2) Deploy the application to a QRadar instance:
qapp deploy -p app.zip -q <QRADAR_IP> -u <USERNAME>
Example:
qapp deploy -p app.zip -q 192.168.42.150 -u admin
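A pre-deployment check for the package created by `qapp package`, as an added example that is not part of the original page or of the QRadar SDK. It assumes `manifest.json` sits at the archive root and that the base image should be a tagged `qradar-app-base` as shown above; the function names and the deny-list of sensitive file names are hypothetical, and the sample archives are constructed in memory.

```python
import io
import json
import zipfile
from fnmatch import fnmatchcase
from pathlib import PurePosixPath

# Assumed deny-list: file names that should not ship inside an app package.
SENSITIVE = (".env", "*.pem", "*.key", "id_rsa")

def audit_package(data: bytes) -> list[str]:
    """Return a list of findings for an app.zip; an empty list means clean."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        for name in names:
            path = PurePosixPath(name)
            # Entries that would escape the extraction directory.
            if path.is_absolute() or ".." in path.parts:
                findings.append(f"unsafe path: {name}")
            # Credentials or VCS metadata swept up from the workspace.
            if ".git" in path.parts or any(
                    fnmatchcase(path.name, pat) for pat in SENSITIVE):
                findings.append(f"sensitive file: {name}")
        if "manifest.json" not in names:
            return findings + ["manifest.json missing from archive root"]
        try:
            manifest = json.loads(zf.read("manifest.json"))
        except ValueError:
            return findings + ["manifest.json is not valid JSON"]
    image = str(manifest.get("image", "")) if isinstance(manifest, dict) else ""
    repo, _, tag = image.partition(":")
    # Require an explicit, non-floating tag on the base image.
    if repo != "qradar-app-base" or not tag or tag == "latest":
        findings.append(f"image not pinned to a qradar-app-base tag: {image!r}")
    return findings

def build_sample(files: dict[str, str]) -> bytes:
    """Build a constructed in-memory zip for demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()

GOOD = build_sample({"manifest.json": '{"image": "qradar-app-base:4.0.0"}',
                     "app/views.py": "# app code\n"})
BAD = build_sample({"manifest.json": '{"image": "qradar-app-base"}',
                    "app/.env": "API_TOKEN=constructed-placeholder\n",
                    "../evil.sh": "#!/bin/sh\n"})

if __name__ == "__main__":
    for label, pkg in (("good", GOOD), ("bad", BAD)):
        print(label, audit_package(pkg))
```

To check a real package, pass the file contents, for example `audit_package(open("app.zip", "rb").read())`.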