IBM Support

Creating a Hello World App

How To


Summary

Learn how to build QRadar apps with a simple Hello World App

Steps

When you add an app in the Application Development Manager window, a simple "Hello World" sample app is also created.

The Hello World sample app adds a Hello World tab to QRadar.

The following image shows an example of the Hello World tab that is added to QRadar.

Hello World App Area

You can use this sample app as a simple template from which to build your own apps that require tabs. When you run the development environment script, the files that are described in the following table are added to your application development folder:

Files/Folders Description
app The root directory which contains the following source code:

__init__.py and views.py

__init__.py A sample initialisation file that creates an instance of the Flask micro-framework which imports views from the views.py script and functions from the qpylib library.
views.py The main entry point into the web application. The file and the manifest.json file are the only files that are required in every app. Contains sample code for the Hello World app.
manifest.json Describes to QRadar what the sample Hello World app does.

Note: If you're migrating an app from Centos to the app framework v2, the qpylib directory should be removed if it exists.

Application Manifest

The manifest.json file contains the following code:

{
    "name":"Hello World App",
    "description":"Simple Hello Word flask app",
    "version":"1.0.0",
    "uuid":"0616bdb3-1c7a-4acf-89a2-4dc726e010bf",
    "image": "QRadar-app-base:2.0.0",
    "areas": [
        {
            "id":"HelloWorldTab",
            "text":"HelloWorld ",
            "description":"Dummy tab that displays text from the flask app",
            "url":"index",
            "required_capabilities":[]
        }
    ]
}

The first five objects, name, description, version, uuid and image provide basic app information.

The areas object describes the capabilities of the Hello World app. The QRadar GUI Application Framework uses areas objects to describe new complete pages of the app. Areas objects are represented as tabs in the user interface.

The areas block contains the fields that are described in the following table:

Name Description Example Value
id The ID of the new tab HelloWorldTab
text The name of the tab that is displayed in the user interface. HelloWorld
description A description of the tab that is displayed. Dummy tab that displays text from the flask app
url Describes the route that is defined in the views.py script that QRadar uses so it can display the "Hello, World!" text in the body of the new tab. index
required_capabilities Instructs QRadar to display the Hello World tab only to users with Administrator privileges. []

Python Endpoints

The app/views.py file contains the following code:

# Licensed Materials - Property of IBM
# 5725I71-CC011829
# (C) Copyright IBM Corp. 2015, 2020. All Rights Reserved.
# US Government Users Restricted Rights - Use, duplication or
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp.


from flask import Blueprint

# pylint: disable=invalid-name
viewsbp = Blueprint('viewsbp', __name__, url_prefix='/')


@viewsbp.route('/')
@viewsbp.route('/index')
def index():
  return "Hello World!"

The code creates the default / and /index routes, both of which return a simple string. The index route is declared in the url field of the manifest.json file.

App Startup

When QRadar starts your app, it calls the _init_.py script. The _init_.py file creates an instance of the Flask microframework environment that imports your views module. Your views modules define all the necessary endpoints and routes that serve content back to QRadar.

# Licensed Materials - Property of IBM
# 5725I71-CC011829
# (C) Copyright IBM Corp. 2015, 2020. All Rights Reserved.
# US Government Users Restricted Rights - Use, duplication or
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp.


__author__ = 'IBM'

from flask import Flask
from qpylib import qpylib


# Flask application factory.
def create_app():
    # Create a Flask instance.
    qflask = Flask(__name__)

    # Retrieve QRadar app id.
    qradar_app_id = qpylib.get_app_id()

    # Create unique session cookie name for this app.
    qflask.config['SESSION_COOKIE_NAME'] = 'session_{0}'.format(qradar_app_id)

    # Hide server details in endpoint responses.
    # pylint: disable=unused-variable
    @qflask.after_request
    def obscure_server_header(resp):
        resp.headers['Server'] = 'QRadar App {0}'.format(qradar_app_id)
        return resp

    # Register q_url_for function for use with Jinja2 templates.
    qflask.add_template_global(qpylib.q_url_for, 'q_url_for')

    # Initialize logging.
    qpylib.create_log()

    # To enable app health checking, the QRadar App Framework
    # requires every Flask app to define a /debug endpoint.
    # The endpoint function should contain a trivial implementation
    # that returns a simple confirmation response message.
    @qflask.route('/debug')
    def debug():
        return 'Pong!'

    # Import additional endpoints.
    # For more information see:
    # https://flask.palletsprojects.com/en/1.1.x/tutorial/views
    from . import views
    qflask.register_blueprint(views.viewsbp)

    return qflask

Note: You do not have to include the __author__ tag, but it is considered good practice to use it.

Conclusion

You can use the Hello World sample app to test the QRadar SDK in these ways:

  • Run the Hello World app locally.
  • If you have a test instance of QRadar Console, you use the SDK to package and upload the Hello World app to it.
  • However, most importantly you can use the Hello World sample app files as a template to start developing your own QRadar apps.

Document Location

Worldwide

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwt3AAA","label":"QRadar Apps"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Document Information

Modified date:
30 March 2021

UID

ibm16437429