Scenario: Creating a QRadar Dashboard
You can use the QRadar® connector that is already provided in Cloud Application Business Insights to connect to a web service. You can then create a manual data definition to retrieve data from the web service and display it on a dashboard.
Use case description
As a dashboard designer, I want to create a custom dashboard to view offenses and their severity on a source network.
Query usedThe dashboard for this use case displays the following data from the web service:
- Configure a web service.
- Create a manual data definition to query the web service.
- Create a dashboard that displays the data that is retrieved from the web service.
Configuring a web service
- Access the Dashboard Designer tool.
For more information, see Accessing the IBM Cloud Application Business Insights web interface.
- Configure the web service.
For example, create QRadar_service_01 Connector Source.Use the following information to create the QRadar_service_01 Connector Source:
Fields Value Connector Type QRadar Connector Source Name QRadar_service_01 Endpoint URL https://server_IP_or_HOSTNAME/api
Where, server_IP_or_HOSTNAME is the IP address or hostname of the server where the web service is hosted.
Authentication type Select Basic Authentication
Select None, if username and password were not configured during web service installation.
Username Username to access the web service. Password Password to access the web service.
- Click Next.
- From the Method list, select GET method, and in
the URI field, enter the uniform resource identified (URI) for QRadar source.
For example, /analytics/rules
- To make sure that the connection to the data source is successful, click Test
If the source details and the sample request are valid and complete, then a message indicating that the connection is successful is displayed.
For more information, see Configuring IBM QRadar Connector Sources.
- Click Save.
Creating a manual data definition
- In the navigation pane of Dashboard Designer, click .
The New Data Definition tab opens.
- Create a manual data definition for the web service:
Use the following information to create QRadar_query for QRadar_service_01 connector source:
Field Value Connector Type QRadar Connector Source Name QRadar_service_01 Method GET URI /siem/offenses
- To view and validate the response received from the manual data definition that you created,
click the Preview
The response from the manual data definitions is displayed in a tabular format. You need the column names to define chart properties when you create a dashboard.
- Save the manual data definition as Qradar_query.
Creating a dashboard
Complete the following steps to create a dashboard named QRadar:
- In the navigation pane of Dashboard Designer, click Dashboards, and then click Create New Dashboard.
- In the Create a New Dashboard: Select a layout window, click a 1x1 layout,
and then click Select.
For more information, see Layouts.
- In the navigation pane of Dashboard Designer, click Chart, and drag a Clustered Columns chart to the widget or chart area.
For more information about the various chart types, see Charts.
- Click the Set Data Definition icon
- In the Set Data Definition window, click Select from saved Data Definition, and then click Continue.
- In the Set Data Definition window, click QRadar_query that is listed under Data Definition (select one or more) pane, and click the Move to selected icon to add the data definition to Selected Data Definition pane.
- Click the Set Properties icon.
- In the Set Properties window, click Series. In the Series Type tab, click Define a Dynamic Series.
- Click the Series tab, and enter a column name that is displayed in the
manual data definition preview.For example,
- In the X-axis Labels field, enter offence_id.
- In the Y-axis Values field, enter offence_severity.
- In the Legends field, enter source_network
- Ensure that you enter appropriate column names from the manual data definition preview.
- The steps that are listed in the table are minimal steps that must be completed for any chart to be displayed.
- To save the dashboard, click Save. Save the dashboard as QRadar.
- Build a menu and add the dashboard to the menu by using the following tasks:
- From the navigation pane, click .
- Enter the name for the first menu. For example, QRadar_Dashboard.
- Right-click QRadar_Dashboard and select Add Child.
- Click the Dashboard icon and drag QRadar dashboard that you created from the list on the Dashboard tab, which is on the right of the window.
- Click the User Groups tab and assign the user groups who can view this dashboard.
- Save and publish the dashboard.
For more information, see Menu Access.
- Access the Engine user interface.
- Go to to view your dashboard.