Support functions
The IBM® QRadar® GUI Application Framework comes with several built-in routes, custom Jinja2 Flask functions, and other helper utilities that support app development.
Overview
All HTTP requests from client-side browsers that go to an app use the following format:
https://<console_ip>/console/plugins/{application_id}/app_proxy/{my_route}
The application_id is the integer value that is assigned during the process of using the installation RESTful endpoints for GUI app creation. The application_id value is recorded in the Application Creation Task state output that is returned when you run the qradar_app_creator deploy command.
In the following example, the application ID is 1023.
Application Creation Task state:
{'status': 'COMPLETED', 'application_id': '1023', 'error_messages': '[]'}
Routes
You can create your own targeted web requests to the app for the routes in the following table:
Route | Format | Description |
---|---|---|
GET /debug |
|
Download your /store/log/app.log file from inside the container for inspection. |
GET /debug_view |
|
Display the contents of the /store/log/app.log file inside your browser window. |
POST /log_level |
|
Dynamically define the level of logging that you want your app to capture. Post a form, with an attribute level that is set to one of the log level values to this endpoint. QRadar dynamically reset the log collection levels in your /store/log/app.log file. |
Accessing your Flask endpoints in views.py
You must use relative paths for your endpoints. Do not use the utility methods q_url_for and get_console_ip to create URLs to access your Flask endpoints. If a console uses a web URL instead of an IP address, all the Flask requests are denied because the request is cross-domain. In that case, your app might not work. If you want to access an endpoint from the main app template level, for an AJAX call, for example, to return some JSON data, use the following URL format:
url_cpu_data = 'cpu_data'
This format routes the method in views.py:
@app.route('/cpu_data', methods=['GET'])
If you are working from a folder at a deeper level, for example, use ../cpu_data to go back a level to reach this endpoint.
Do not use the following format to create a URL to access your endpoint:
url_cpu_data = "{{ q_url_for('cpu_data') }}"
As before, if you go from a web URL to an IP address, this request might be denied because the request is cross-domain and so your app might not work.
If you begin the URL with a slash, it starts the URL from this root:
https://consoleIPaddress/
Here's an example to open a page with the offense ID:
console/qradar/jsp/QRadar.jsp?appName=Sem&pageId=OffenseSummary&summaryId="
+ encodeURIComponent(offense_id)
Here's an example to open a page by running the AQL search query:
/console/do/ariel/arielSearch?appName=EventViewer&pageId=EventList&dispatch=performSearch&value(searchMode)
=AQL&value(timeRangeType)=aqlTime" + "&value(aql)=" + encodeURIComponent(aql_query
Custom Flask methods
The following table describes the Flask custom methods that you can use:
Method | Format | Description |
---|---|---|
q_url_for() |
|
Use this Python method inside your routes in your app's views.py or your
Jinja2 templates. It hides and abstracts the QRadar proxy addresses that are
needed to link together endpoints (routes) or resources (static files and images, for example).
The method is essentially a wrapper around the Flask url_for(..) method. It applies a prefix that pertains to the correct application-specific proxy path URL portion to get to your app's endpoint. The following snippet shows how to use the method in a Jinja2 template to hide the QRadar proxy address of an image resource.
For more information about the Flask url_for(..) method, go to the Flask website. |
getAppBaseURL() |
|
Function to get the full URL through QRadar, that will proxy any request to the appropriate application plug-in servlet. This routine returns a URL string that can be appended to create a URL to reference resources in the application. Typically, the q_url_for() function is used for this purpose but getAppBaseURL() is also supplied for convenience. |
QRadar CSRF token
The QRadar CSRF (cross-site request forgery) token is generated by QRadar to prevent cross-site scripting attempts. For applications that are developed by using QRadar support libraries such as qpylib the use of the CSRF token is seamless.
If you create an app that does not use QRadar qpylib support, you must harvest the token from any application endpoints, or routes, and place it in your own HTTP headers before a REST or exported method call is made in QRadar.