Reading a validation report
After the validation is complete, you can either export the report or read it online.
- Click Pre-Validation on the QRadar® Console.
- To download the report in JSON format, click the download icon in the upper right of the page.
- To read the report online, click the document icon in the upper right of the page.

The following tables describe the validation steps and provide resolutions to fix errors.
Table 1. Extension .zip file

| Rule name | Description |
| --- | --- |
| Check extension .zip file content | Checks whether the extension .zip file can be extracted and contains necessary files. |
| Content export XML existence | Checks whether the extension .zip file contains Content XML. If not, the checking process is aborted. |
| Extension manifest existence | Checks whether the extension .zip file contains manifest.txt. If not, the checking process is aborted. |

Table 2. Extension manifest (manifest.txt)

| Rule name | Description |
| --- | --- |
| Load extension manifest | Checks if the manifest.txt (the information of the extension) is in JSON format. If not, the checking process is aborted. You can download the manifest.txt file from the X-Force App Exchange submission portal and the related fields are generated automatically. |
| Extension version format is valid | Checks whether the extension version (version field in manifest.txt) is in a sequence format of three digits, as MAJOR.MINOR.PATCH. |
| Minimum QRadar version is valid | Checks whether the supported QRadar version (min_qradar_version defined in manifest.txt) is valid. It can be formatted in a sequence of three digits (2019.14.6) or four digits (2019.14.6.20201205215722). You can log in to your QRadar by using SSH and use /opt/qradar/bin/myver to find your QRadar version in your development environment. |
| Extension must support English | Checks whether the doc.extension_manifest.supported_language_set (an array) contains at least 'en-US'. This field is generated by the X-Force App Exchange submission portal. |
| Extension package size is valid | Checks the doc.extension_manifest.package_size in the manifest.txt file. This field is generated by the X-Force App Exchange submission portal. |
| Checking against other fields | Checks whether the mandatory fields (name, description, author, and author email) are defined in the manifest.txt file. These fields are generated by the X-Force App Exchange submission portal. |

Table 3. Extension Signing

| Rule name | Description |
| --- | --- |
| Signing artifacts are placed in META-INF directory | Checks whether the extension is signed. For more information, see How to get your extension .zip file ready for validation. |

Table 4. Content XML

| Rule name | Description |
| --- | --- |
| Load content export XML | Checks if the content XML can be loaded successfully. |
| Application info is valid | Checks whether any application is exported in this content XML. If yes, checks if the information of that application is correct. |
| QRadar version number is in valid format | Checks whether the `<qradarversion>...</qradarversion>` element contains a valid QRadar version in the correct format. This field is generated automatically by QRadar. For more information, see Exporting custom content items of different types. |
| Custom event property sanity check | Checks if any custom property in this Content XML conflicts with the published extensions. If the extension contains any properties that have the same name as other published extensions, it can't install properly. To fix or prevent a conflicted custom property, you can install IBM QRadar Custom Properties Dictionary on your QRadar Console, and select the property from the console UI to export your content XML. |
| Custom search sanity check | Checks whether any search attributes are missing due to manual modification. |
| Custom rule sanity check | Checks whether any rule attributes are missing due to manual modification. |

Table 5. Application .zip file

| Rule name | Description |
| --- | --- |
| Application .zip file extraction | Checks whether the application .zip file can be extracted successfully. |
| Loading application manifest.json | Checks whether the manifest.json file is in a valid JSON format. |
| Application version format is valid | Checks whether the application version (version field in manifest.json) is in a sequence of three digits as MAJOR.MINOR.PATCH. |
| Supported by App Framework V2 | Checks whether the application uses the new base image that is provided by the App Framework V2. For more information, see QRadar: How to migrate applications from app framework v1 to V2. |
| Check environment variables | Checks whether the value of environment_variables in the manifest.json file is in a valid format. For more information, see QRadar App framework - Manifest object types - Environment variables. |
| Check service names and ports | Checks whether the value of environment_variables in the manifest.json file is in a valid format. For more information, see QRadar App framework - Manifest object types - Service type. |

Note: If the extension doesn't contain apps, rule checking in the Application .zip file is skipped.

Table 6. Installation scripts

| Rule name | Description |
| --- | --- |
| The folder structure is valid | Checks if the app .zip file contains mandatory folders. |
| Dependency of Python packages should be resolved without access Internet | Checks if the dependency of Python packages can be resolved locally. It's a requirement that the application can be installed successfully without Internet access. |
| Installation script should not access Internet | Checks that the init scripts in container/run and container/build do not contain commands to access the Internet. |
| Check for override packages | Checks if the application .zip file installs its own versions of OpenSSH and SQLite3. These packages are already provided in the App Framework V2 runtime environment. |
| Should not use sudo in init script | Checks if the sudo command is used in the init scripts in the container/run and container/build directories. |
| Should not use custom encdec.py and qpylib | Checks if the application .zip file contains a home-built qpylib library. The qpylib library is already provided in the App Framework V2 runtime environment. |

Note: If the extension doesn't contain apps, rule checking in the Installation scripts is skipped.

Table 7. Extension and Application cross check

| Rule name | Description |
| --- | --- |
| Content can be installed on provided minimum supported QRadar version | Checks if your content XML can be installed on the minimum supported QRadar version, which is defined in the min_qradar_version field of manifest.txt. See the list that follows this table. |
| Check the exported QRadar version in content XML provides App Framework V2 | The App Framework V2 is provided on QRadar 7.3.3 Fix Pack 6+, 7.4.1 Fix Pack 2+, or QRadar 7.4.2+ (not supported in 7.4.0.x). If your extension contains at least one application that runs on App Framework V2, this rule checks whether your content XML is exported in the supported QRadar version list. |
| Check the minimum supported QRadar version in manifest.txt provides App Framework V2 | If your extension contains at least one application that runs on App Framework V2, this rule checks if your minimum supported version (min_qradar_version in manifest.txt) provides App Framework V2. |

For the rule "Content can be installed on provided minimum supported QRadar version":
- min_qradar_version is set to "7.3.2" and the content XML is exported from 7.3.2 Fix Pack 5 (7.3.2 20191022133252).
- min_qradar_version is set to "7.3.2" and the content XML is exported from 7.3.1 GA (7.3.1. 20171206222136).
- min_qradar_version is set to "2019.14.0" (7.3.3 GA) and the content XML is exported from 7.3.3 Fix Pack 6 (2019.14.6.20201205215722).
- You can log in to your QRadar Console by using SSH and run /opt/qradar/bin/myver to see your internal QRadar version (four digits).
- min_qradar_version in manifest.txt is in a sequence of either three digits (2019.14.6) or four digits (2019.14.6.20201205215722).

Table 8. Security Check

| Rule name | Description |
| --- | --- |
| Security check for Python codes | The IBM QRadar Pre-Validation app uses Bandit to find common security issues in Python code. It is not uncommon for Bandit, or any other automated tool, to generate false-positive results. Analyze the report to determine the validity of the results. |
- If necessary, upload the corrected compressed file and validate the package again.
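A local pre-check that mirrors the Table 1 and Table 2 rules can catch format errors before you upload. The following is an added example, not IBM's validator: the function names and regular expressions are this example's own, it assumes any .xml entry counts as the content XML, and it looks up manifest fields wherever they are nested because the exact layout of manifest.txt is not shown on this page.

```python
import io
import json
import re
import zipfile

# Example regexes for the two version formats that Table 2 describes.
EXT_VERSION = re.compile(r"\d+\.\d+\.\d+")          # MAJOR.MINOR.PATCH
MIN_QRADAR = re.compile(r"\d+\.\d+\.\d+(\.\d+)?")   # three or four components


def find_key(node, key):
    """Return the first value stored under `key` anywhere in nested JSON."""
    if isinstance(node, dict) and key in node:
        return node[key]
    children = node.values() if isinstance(node, dict) else node if isinstance(node, list) else []
    return next((v for v in (find_key(c, key) for c in children) if v is not None), None)


def precheck_extension(zip_bytes):
    """Return the names of the Table 1 and Table 2 rules that fail."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return ["Check extension .zip file content"]
    names = archive.namelist()
    if not any(n.lower().endswith(".xml") for n in names):  # assumed: any .xml entry
        return ["Content export XML existence"]             # checking is aborted
    if "manifest.txt" not in names:
        return ["Extension manifest existence"]             # checking is aborted
    try:
        manifest = json.loads(archive.read("manifest.txt"))
    except ValueError:
        return ["Load extension manifest"]                  # checking is aborted
    failed = []
    if not EXT_VERSION.fullmatch(str(find_key(manifest, "version"))):
        failed.append("Extension version format is valid")
    if not MIN_QRADAR.fullmatch(str(find_key(manifest, "min_qradar_version"))):
        failed.append("Minimum QRadar version is valid")
    languages = find_key(manifest, "supported_language_set")
    if not isinstance(languages, list) or "en-US" not in languages:
        failed.append("Extension must support English")
    return failed


def build_zip(files):
    """Build an in-memory .zip from {name: text}; used for constructed samples."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name, text in files.items():
            archive.writestr(name, text)
    return buffer.getvalue()
```

To check a real package, pass the bytes of the extension .zip file to `precheck_extension`; an empty list means none of the mirrored rules failed.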
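The init-script rules in Table 6 can be approximated with a line scan of the scripts in container/run and container/build before submission. This is an added example, not the Pre-Validation app's own logic: the list of network-capable commands and the treatment of `pip install` without `--no-index` as an Internet dependency are assumptions, and the sample archive is constructed.

```python
import io
import re
import zipfile

SCRIPT_DIRS = ("container/run/", "container/build/")  # directories named in Table 6
SUDO = re.compile(r"(^|[\s;&|(])sudo\b")
# Assumed list of network-capable commands; the page does not enumerate them.
NETWORK = re.compile(r"(^|[\s;&|(])(curl|wget|git\s+clone|yum|apt-get|dnf)\b")
PIP_INSTALL = re.compile(r"\bpip[0-9.]*\s+install\b")


def scan_line(line):
    """Return the Table 6 rule names that one shell line appears to break."""
    code = line.split("#", 1)[0]  # drop comments (naive: also cuts '#' inside strings)
    hits = []
    if SUDO.search(code):
        hits.append("Should not use sudo in init script")
    if NETWORK.search(code):
        hits.append("Installation script should not access Internet")
    if PIP_INSTALL.search(code) and "--no-index" not in code:
        hits.append("Dependency of Python packages should be resolved without access Internet")
    return hits


def scan_app_zip(source):
    """Scan init scripts in an app .zip (path or file object); return (file, line, rule)."""
    findings = []
    with zipfile.ZipFile(source) as archive:
        for name in sorted(archive.namelist()):
            if not name.startswith(SCRIPT_DIRS) or name.endswith("/"):
                continue
            text = archive.read(name).decode("utf-8", errors="replace")
            for number, line in enumerate(text.splitlines(), start=1):
                findings.extend((name, number, rule) for rule in scan_line(line))
    return findings


def sample_app_zip():
    """Constructed sample archive, built in memory for the demonstration."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("container/build/01_deps.sh",
                         "#!/bin/sh\nsudo yum install -y jq\npip install requests\n")
        archive.writestr("container/run/start.sh",
                         "pip install --no-index --find-links ./wheels requests\n# curl is not used\n")
        archive.writestr("app/main.py", "print('sudo curl')\n")
    return buffer
```

A hit is a prompt to review the line, not a verdict; the scan matches command names only and does not follow variables or sourced files.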