IBM QRadar: Developing QRadar Applications

Some QRadar applications require additional dependencies to be installed.

Before starting, ensure your system has the following installed:

  • Python 3.x and pip
  • Docker (preferably Docker-CE)
  • QRadar App SDK v2 — Current version: 2.2.3

Preparing Your Environment

Installing Docker on RHEL/CentOS 8

1) Enable required repositories and install dependencies:

sudo subscription-manager repos --enable codeready-builder-for-rhel-8-$(arch)-rpms
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo dnf install pass

For other versions, see Get Docker.

2) Remove Podman or ContainerD if already installed (they conflict with Docker):

sudo dnf remove podman runc

3) Install Docker-CE:

sudo dnf install docker-ce docker-ce-cli containerd.io

4) Enable and start the Docker service:

sudo systemctl enable docker
sudo systemctl start docker

5) Add your user to the docker group:

sudo usermod -aG docker <YOUR_USER>

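Note: You must log out and log back in for this change to take effect. Members of the docker group can control the Docker daemon, which is equivalent to root access on the host, so add only accounts that are meant to have that level of access.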

Installing the QRadar App SDK

1) Download the SDK from IBM X-Force Exchange:

QRadar App SDK

Current version is 2.2.3

2) Extract the SDK package:

# Assumes QRadarAppSDK-2.2.3.zip was downloaded to the current directory.
mkdir SDK
unzip QRadarAppSDK-2.2.3.zip -d SDK
cd SDK

3) Run the installer script:

sudo ./install.sh

This script installs the `qapp` CLI tool to `/usr/local/bin/`.

Verify the installation:

qapp --version

Cloning Sample Applications

1) Clone IBM’s sample applications repository:

git clone https://github.com/IBM/qradar-sample-apps.git
cd qradar-sample-apps/HelloWorld

2) Update the `manifest.json` file to change the base image, if necessary:

"image": "qradar-app-base:4.0.0",
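
The following preflight script is an added example, not part of the original page or of the QRadar App SDK. It checks the prerequisites listed above, Docker group membership, and the base image in `manifest.json` before `qapp run`. All function names are hypothetical, and the manifest parser assumes the "image" key sits on its own line.

```sh
#!/bin/sh
# Added example (not part of the QRadar App SDK); all function names are hypothetical.
# Usage: . ./preflight.sh && preflight manifest.json qradar-app-base:4.0.0

# Print the commands from "$@" that are not on PATH (space-separated).
missing_tools() {
    _missing=""
    for _t in "$@"; do
        command -v "$_t" >/dev/null 2>&1 || _missing="$_missing $_t"
    done
    echo "${_missing# }"
}

# Succeed if the space-separated group list in $1 contains "docker".
in_docker_group() {
    case " $1 " in
        *" docker "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the value of the "image" key from the manifest file in $1.
# Assumption: the key and its value are on one line, as in the sample apps.
manifest_image() {
    sed -n 's/^[[:space:]]*"image"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Succeed if the manifest in $1 names exactly the base image in $2.
manifest_uses_image() {
    [ "$(manifest_image "$1")" = "$2" ]
}

# Run every check, report each failure on stderr, return non-zero if any failed.
preflight() {
    _rc=0
    _miss="$(missing_tools python3 docker qapp)"
    [ -z "$_miss" ] || { echo "not on PATH: $_miss" >&2; _rc=1; }
    python3 -m pip --version >/dev/null 2>&1 || { echo "pip is not available for python3" >&2; _rc=1; }
    in_docker_group "$(id -nG)" || { echo "session is not in the docker group; log out and back in" >&2; _rc=1; }
    docker info >/dev/null 2>&1 || { echo "cannot reach the Docker daemon" >&2; _rc=1; }
    manifest_uses_image "$1" "$2" || { echo "$1 uses image '$(manifest_image "$1")', expected '$2'" >&2; _rc=1; }
    return "$_rc"
}
```
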

Running the Application Locally

Run the HelloWorld app in a local Docker container:

qapp run

This will start the application locally for testing purposes.

Packaging and Deploying to QRadar

1) Create a deployment package:

qapp package -p app.zip

2) Deploy the application to a QRadar instance:

qapp deploy -p app.zip -q <QRADAR_IP> -u <USERNAME>

Example:

qapp deploy -p app.zip -q 192.168.42.150 -u admin

See also