Defining new applications
IBM® QRadar® shows the name of the flow application on the Network Activity and Offenses tabs. You can define new applications or change the name that is shown for existing applications.
About this task
When you specify an application, the <appid>
number must be unique. For
custom applications, assign numbers that are in the 15,000 - 20,000 range. Within each application,
you can define up to five levels of categorization, but QRadar displays only the first
three categories.
New in 7.4.3 You can use the new flow applications API to manage the mapping of application IDs to application name.
- staged_config/flow/applications/active_applications
- config/flow/applications/active_applications
The active configuration shows the list of applications that are currently in use.
- config/flow/applications/default_applications
The default application list is read-only. Default applications are provided as a system backup in case the configuration for an active flow application is deleted or changed.
<appname><appid>
For each application, you can define up to five levels of categorization, and each subcategory is separated by a number sign (#). If an application contains fewer than five categories, include a number sign in place of each missing subcategory.
Authentication#Radius-1646####51343
as an application ID,
insert the application ID as
follows:Authentication#Radius-1645####51342
Authentication#Radius-1646####51343 <- inserted application
Authentication#Radius-1812####51344
Authentication#Radius-1813####51345
Procedure
What to do next
Update the application mapping and applications signature files.