QRadar: Ariel Right Click Properties Troubleshooting

Steps

1. Create a property in the DSM Editor. In this example, we create two new properties: Test_Field_1 and Test Field 2.
   
2. Check that the property exists in the Database by using the following commands:

   psql -U qradar -c "\x" -c "select propertyname from Ariel_regex_property where propertyname like '%Test%';"  

   Example output:

   [ RECORD 1 ]+--------------
   propertyname | Test_Field_1
   
   [ RECORD 2 ]+--------------
   propertyname | Test Field 2

3. Set up the configuration file. Modify /opt/qradar/conf/arielRightClick.properties by using the following example template:
   Note: It is case-sensitive and the same format defined in pluginActions must be consistent with the properties. 

   pluginActions=XFE_URL_Lookup,Test_Field_1,Test Field 2
   
   # begin XFE integration.   #(Integrated in QRadar by IBM)
   
   XFE_URL_Lookup.arielProperty=URL
   XFE_URL_Lookup.text=X-Force Exchange Lookup
   XFE_URL_Lookup.url=https://exchange.xforce.ibmcloud.com/#/url/$URL$
   
   
   # end XFE integration
   
   Test_Field_1.arielProperty=Test_Field_1  #(My manually-defined property 1)
   Test_Field_1.text=Test Field 1 test
   Testl_Field_1.url=https://www.virustotal.com/#/search/$Test_Field_1$
   
   Test Field 2.arielProperty=Test Field 2  #(My manually-defined property 2)
   Test Field 2.text=Test Field 2 test
   Test Field 2.url=https://www.virustotal.com/#/search/$Test Field 2$

4. Restart Tomcat by using the following command:

   systemctl restart tomcat

5. From the QRadar GUI, navigate to Log Activity > New search and add the new custom fields (Test_Field_1 a Test Field 2) into Columns and click the Filter button. 
   
6.  Filter the traffic needed by hovering over one of the newly defined columns, right-clicking, then selecting Plugin Options and your new property. The property is Test Field 2 test in this example.