How To
Summary
App names, GUI action groups, and page IDs are identifiers that IBM® QRadar® uses for QRadar products, GUI actions, and UI pages
Steps
The following manifest blocks use these identifiers.
The groups field of the gui_actions block uses GUI action group identifiers to specify the toolbar or right-click menu where the GUI action is added:
"gui_actions": [
{
"id":"sampleToolbarButton",
"text":"Sample Toolbar Button",
"description":"Sample toolbar button that calls a REST method, passing an offense ID along",
"icon":null,
"rest_method":"sampleToolbarMethod",
"javascript":"alert(result)",
"groups":[ "OffenseListToolbar" ],
"required_capabilities":[ "ADMIN" ]
}
]
The app_name
and page_id
fields of the page_scripts
block use the app name and page ID identifiers to specify the QRadar application tab and sub page into which the page script is added.
"page_scripts": [
{
"app_name":"SEM",
" page_id":"OffenseList",
"scripts":["/static/sampleScriptInclude.js"]
}
],
Supported App Names
The following table shows a list of supported app names with descriptions.
Table 1. Supported app names
App Name | Description |
---|---|
assetprofile | Asset Profile (for example, Vulnerabilities: Manage Vulnerabilities, search) |
Assets | Assets Manager |
EventViewer | Event Viewer (for example, syslogdestination) |
Forensics | Incident Forensics |
QRadar | QRadar (for example, Reference Data) |
QVM | QRadar Vulnerability Manager |
Reports | Reports |
Sem | Offense Management |
SRM | QRadar Risk Manager |
Surveillance | Network Surveillance (Flows) |
Supported GUI Actions and Corresponding Page IDs
The following table describes the supported GUI Actions and corresponding page IDs.
Table 2. Supported GUI Actions and Page IDs
GUI Action group | App name | Page ID | Location |
---|---|---|---|
AssetDetailsToolbar | Assets | AssetDetailsVulnList | Assets - click on IP Address/ Vulnerabilities - Manage Vulnerabilities - By Asset - click on IP Address |
AssetListToolbar | Assets | AssetList | Asset tab list |
AssetOwnerToolbar | assetprofile | AssetOwner | Vulnerabilities tab - left panel - Vulnerability Assignment |
AttackerList | SEM | OffenseSummary | Offense Tab - All Offenses - double-click offense row - right-click row in Top 5 Source IPs section |
AttackerListSmallToolbar | SEM | OffenseAttackerList | Offenses tab - All Offenses - double-click offense row - click Sources button on Top 5 Source IPs toolbar |
NetworkAttackerList | Offenses tab - By Network - select row - click Sources button on toolbar to view List of Sources | ||
TargetAttackerList | Offenses tab - By Destination IP - select row, click Sources button on toolbar to view List of Sources | ||
AttackerListToolbar | SEM | AttackerList | Offenses tab - By Source IP |
ByAssetListFormToolbar | assetprofile | ByAssetListForm | Vulnerabilities tab - Manage vulnerabilities - by Asset |
ByNetworkListToolbar | assetprofile | ByNetworkList | Vulnerabilities tab - Manage vulnerabilities - by Network |
ByOpenServiceListToolbar | assetprofile | ByOpenServiceList | Vulnerabilities tab - Manage vulnerabilities - by Open Service |
ByVulnerabilityInstanceListToolbar | assetprofile | ByVulnerabilityInstanceList | Vulnerabilities tab - Manage vulnerabilities - By vulnerability instance - main screen |
ByVulnerabilityListToolbar | assetprofile | ByVulnerabilityList | Vulnerabilities tab - Manage vulnerabilities - By vulnerability |
CategoryList | SEM | OffenseSummary | Offenses tab - All Offenses, - double-click row -Top 5 Categories table - right-click a row |
CategoryListToolbar | SEM | OffenseCategoryList | Offenses Tab - All offenses - double-click row - click Display > Categories in toolbar - List of Event Categories table toolbar |
DomainListToolbar | QRadar | DomainList | Admin tab - Domain Management |
EventDetailsToolbar | Event Viewer | EventDetails | Log Activity tab - pause - click row - Events detail toolbar |
ExceptionRulesListToolbar | assetprofile | ExceptionRulesList | Vulnerabilities tab - Vulnerability exception |
FlowDetailsToolbar | Surveillance | FlowDetails | Network Activity - double-click on a flow. |
FlowsourceListToolbar | Surveillance | FlowsourceList | Admin tab - Flow Sources |
MyAssignedVulnerabilitiesListToolbar | assetprofile | MyAssignedVulnerabilitiesList | Vulnerability tab - My assigned vulnerabilities |
NetworkHierarchyListToolbar | QRadar | NetworkHierarchyList | Admin tab - Network Hierarchy |
NetworkListSmallToolbar | SEM | OffenseNetworkList | Offenses tab - All Offenses - double-click row - click Display in toolbar, Networks, Destination Networks table, toolbar, and right click |
NetworkListToolbar | SEM | NetworkList | Offenses -By Network |
NetworkSummaryToolbar | SEM | NetworkOffenseList | Offenses Tab - By Network - double-click an offense. |
ObfuscationProfileContextMenu | QRadar | ObfuscationProfiles | Admin - Data Obfuscation Management |
ObfuscationRightClick | QRadar | Deprecated | |
OffenseListSmallToolbar | SEM | AttackerOffenseList | Offenses - double-click a row in Offenses - double-click row in Top 5 SourceIPs - select a row and right click |
SEM | TargetOffenseList | Offenses - double-click a row in Offenses - double-click row in Top 5 SourceIPs - double-click a row - select a row and right click | |
OffenseListToolbar | SEM | OffenseList | Offenses tab main page |
OffenseSummaryToolbar | SEM | OffenseSummary | Offenses tab, double-click Offense - toolbar |
OffenseDeviceList | Click Display > Log Sources | ||
OffenseUserList | Click Display > Users | ||
OffenseRuleList | Click Display > Rules | ||
OffenseSummaryToolbar | OffenseAttackerList Added in QRadar V.7.3.0 | Offenses tab, double-click Offense - on toolbar, Click Display > Sources | |
OffenseCategoryList Added in QRadar V.7.3.0 | Offenses tab, double-click Offense - on toolbar, Click Display > Categories | ||
OffenseNetworkList Added in QRadar V.7.3.0 | Offenses tab, double-click Offense - on toolbar, Click Display > Networks | ||
OffenseSummaryToolbar | SEM | OffenseAnnotationList Added in QRadar V.7.3.2 | Click Display > Annotations |
OffenseSummaryToolbar | SEM | OffenseTargetList Added in QRadar V.7.3.2 | Click Display > Destinations |
OffenseSummaryToolbar | SEM | NotesList Added in QRadar V.7.3.2 | Click Display > Notes |
ReferenceSetElemsContextMenu | QRadar | ReferenceSetElems | Admin tab- Reference Set Management - View a reference set - Content tab, right-click row |
ReferenceSetElemsToolbar | QRadar | ReferenceSetElems | Admin tab- Reference Set Management - View a reference set - Content tab |
ReferenceSetRulesContextMenu | QRadar | ReferenceSetRules | Admin tab - Reference Set Management - View a reference set - References tab, right-click row |
ReferenceSetRulesToolbar | QRadar | ReferenceSetRules | Admin tab - Reference Set Management - View a reference set - References tab, click row, click toolbar button |
ReferenceSetsContextMenu | QRadar | ReferenceSets | Admin tab - Reference Set Management - right-click a reference set. |
ReferenceSetsToolbar | QRadar | ReferenceSets | Admin tab -Reference Set Management |
ReportTemplateListToolbar | Reports | ReportTemplateListAll | Reports tab toolbar |
ScanPolicyVulnerabilityListToolbar | assetprofile | ScanPolicyVulnerabilityList | Vulnerabilities tab - Left panel - Administrative - Scan Policies - Add - Scan Type Patch - Vulnerabilities Tab - Add. GUI action appears in toolbar |
ScanResultsListToolbar | QVM | ScanResultsList | Vulnerabilities Tab - Scan Results |
SensorDeviceListToolbar | EventViewer | SensorDeviceList | Admin tab - Log Sources |
TargetList | SEM | OffenseSummary | Offenses tab - double-click offense, Top 5 Destination IPs table, right-click row. |
TargetListToolbar | SEM | TargetList | Offenses tab - By Destination IP. |
TargetSummaryToolbar | SEM | TargetOffenseList | Offenses tab - By Destination IP - double-click offense |
TargetNotesList | Offenses tab - By Destination IP - double click offense - click Notes on toolbar | ||
TargetAttackerList | Offenses tab - By Destination IP - double click offense - click Sources on toolbar | ||
TenantListToolbar | QRadar | TenantList | Admin tab - Tenant Management |
VaScannerSchedulesListToolbar | Assets | VaScannerSchedulesList | Admin tab - Schedule VA Scanners |
VaScannersListToolbar | Assets | VaScannersList | Admin tab - VA Scanners |
ViewNotesToolbar | SEM | OffenseSummary | Offenses tab - double-click Offense, Last 5 Notes table toolbar |
ViewOffenseDevicesToolbar | SEM | OffenseSummary | Offenses tab - double-click Offense - Top 5 Log Sources table toolbar |
ViewoffenseusersToolbar | SEM | OffenseSummary | Offenses tab - double-click Offense, Top 5 Users table toolbar |
VulnerabilityManagementListPopup | assetprofile | ByAssetListForm, ByNetworkList, ByOpenServiceList, ByVulnerabilityList, MyAssignedVulnerabilitiesList, ByVulnerabilityInstanceList | Vulnerabilities tab - Manage Vulnerabilities- By Network - By Asset - By Vulnerability - By Open Service - My Assigned Vulnerabilities |
arielListToolbar | Surveillance | FlowList | Network Activity tab |
customEventListToolbar | EventViewer | EventList | Log Activity tab |
ipPopup | Assets assetprofile assetprofile assetprofile assetprofile | AssetList MyAssignedVulnerabilitiesList ByVulnerabilityInstanceList ByAssetListForm ExceptionRulesList | Right-click IP address on Assets tab, Vulnerability tab - Manage Vulnerabilities - Vulnerability Exception |
userNamePopup | Assets | AssetDetailsVulnList | For example, Assets Tab, click IP Address to View Asset Details, select a row in Vulnerabilities table, right-click Technical User, see right-click View Assets /View Events Also used in Offenses, Log Activity. |
Deprecated GUI Actions
In QRadar V7.3.0 and later, the following GUI actions are deprecated:
- OffenseList
- NetworkList
- HistoricalCorrelationToolbar
- OffenseRuleList
- OffenseDeviceList
- OffenseUserList
- NotesList
- ByAssetListForm
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
30 March 2021
UID
ibm16437499