Scenario: Creating a QRadar Dashboard

You can use the QRadar® connector that is already provided in Cloud Application Business Insights to connect to a web service. You can then create a manual data definition to retrieve data from the web service and display it on a dashboard.

Use case description

As a dashboard designer, I want to create a custom dashboard to view offenses and their severity on a source network.

Query used

The dashboard for this use case displays the following data from the web service:
  • offence_id
  • offence_severity
  • source_network
To create a dashboard, you need to complete the following tasks:
  1. Configure a web service.
  2. Create a manual data definition to query the web service.
  3. Create a dashboard that displays the data that is retrieved from the web service.

Configuring a web service

Complete the following steps to configure a web service named QRadar_service_01:
  1. Access the Dashboard Designer tool.

    For more information, see Accessing the IBM Cloud Application Business Insights web interface.

  2. Configure the web service.

    For example, create QRadar_service_01 Connector Source.

    Use the following information to create the QRadar_service_01 Connector Source:
    Fields Value
    Connector Type QRadar
    Connector Source Name QRadar_service_01
    Endpoint URL https://server_IP_or_HOSTNAME/api

    Where, server_IP_or_HOSTNAME is the IP address or hostname of the server where the web service is hosted.

    Authentication type Select Basic Authentication

    Select None, if username and password were not configured during web service installation.

    Username Username to access the web service.
    Password Password to access the web service.
  3. Click Next.
  4. From the Method list, select GET method, and in the URI field, enter the uniform resource identified (URI) for QRadar source.

    For example, /analytics/rules

  5. To make sure that the connection to the data source is successful, click Test Connection.

    If the source details and the sample request are valid and complete, then a message indicating that the connection is successful is displayed.

    For more information, see Configuring IBM QRadar Connector Sources.

  6. Click Save.

Creating a manual data definition

Complete the following steps to create a manual data definition named QRadar_query for QRadar_service_01 web service:
  1. In the navigation pane of Dashboard Designer, click Data Definition > Custom > Create New Data Definition.

    The New Data Definition tab opens.

  2. Create a manual data definition for the web service:
    Use the following information to create QRadar_query for QRadar_service_01 connector source:
    Field Value
    Connector Type QRadar
    Connector Source Name QRadar_service_01
    Method GET
    URI /siem/offenses
  3. To view and validate the response received from the manual data definition that you created, click the Preview Preview icon.

    The response from the manual data definitions is displayed in a tabular format. You need the column names to define chart properties when you create a dashboard.

  4. Save the manual data definition as Qradar_query.

Creating a dashboard

Complete the following steps to create a dashboard named QRadar:

  1. In the navigation pane of Dashboard Designer, click Dashboards, and then click Create New Dashboard.
  2. In the Create a New Dashboard: Select a layout window, click a 1x1 layout, and then click Select.

    For more information, see Layouts.

  3. In the navigation pane of Dashboard Designer, click Chart, and drag a Clustered Columns chart to the widget or chart area.

    For more information about the various chart types, see Charts.

  4. Click the Set Data Definition Set Data Definition icon icon
  5. In the Set Data Definition window, click Select from saved Data Definition, and then click Continue.
  6. In the Set Data Definition window, click QRadar_query that is listed under Data Definition (select one or more) pane, and click the Move to selected Move to selected icon to add the data definition to Selected Data Definition pane.
  7. Click the Set Properties Set Properties icon icon.
  8. In the Set Properties window, click Series. In the Series Type tab, click Define a Dynamic Series.
  9. Click the Series tab, and enter a column name that is displayed in the manual data definition preview.
    For example,
    • In the X-axis Labels field, enter offence_id.
    • In the Y-axis Values field, enter offence_severity.
    • In the Legends field, enter source_network
    Note:
  10. To save the dashboard, click Save. Save the dashboard as QRadar.
  11. Build a menu and add the dashboard to the menu by using the following tasks:
    1. From the navigation pane, click Menu Access > Create New Menu.
    2. Enter the name for the first menu. For example, QRadar_Dashboard.
    3. Right-click QRadar_Dashboard and select Add Child.
    4. Click the Dashboard dashboard icon icon and drag QRadar dashboard that you created from the list on the Dashboard tab, which is on the right of the window.
    5. Click the User Groups tab and assign the user groups who can view this dashboard.
    6. Save and publish the dashboard.

      For more information, see Menu Access.

  12. Access the Engine user interface.
  13. Go to QRadar_Dashboard > QRadar to view your dashboard.