Add right-click functionality
Add right-click functionality to a tab your app created in IBM® QRadar®.
Note: If you include the right-click GUI action in the manifest without adding an implementation
of the action, the right-click menu fails to load.
This example shows how to use the
right-click GUI Action to capture an IP address and pass the information to custom JavaScript. Use
the right-click menu on the QRadar
Log Activity tab to capture an IP address of an event. Pass the IP address to
a custom tab. Use a button on the custom tab to initiate a search for events that contain the
captured IP address.manifest.json
...
"areas": [ 1
{
"url": "index",
"text": "RtClick",
"required_capabilities": ["ADMIN"],
"id": "QRtClick",
"description": "An app to POC Right Click"
}
],
"gui_actions" : [ 2
{
"id" : "rtClickEventIP",
"text" : "Get row info from right click",
"description" : "Right click on a row, get all the info",
"icon": null,
"rest_method": "rtgetcontext", 3
"javascript" : "clickme(result)",
"groups" : ["ipPopup"], 4
"required_capabilities" : ["ADMIN"]
}
],
"rest_methods" : [ 5
{
"name":"rtgetcontext",
"url":"/getcontext",
"method":"GET",
"argument_names":["context"]
}
],
"page_scripts" : [ 6
{
"app_name":"EventViewer",
"page_id":"EventList",
"scripts" : ["static/clickme.js"]
}
]
...app/views.py
__author__ = 'IBM'
from app import app
from flask import jsonify, request, render_template
import json
from qpylib import qpylib
@app.route('/')
@app.route('/index')
def index():
other_data = request.args.get("otherdata");
context = request.args.get("context");
if context is None:
context = ""
if other_data is None:
other_data = ""
qpylib.log("Displaying context" + str(context));
return render_template("index.html", context=context, other=other_data)
@app.route('/getcontext', methods=['GET'])
def get_context():
context = request.args.get("context")
qpylib.log("Setting the results to: " + context)
return json.dumps({"app_id":qpylib.get_app_id(),"context":context})app/static/clickme.js
function clickme(result) {
var app_id = ""
var context = ""
if (result) {
app_id = encodeURI(result.app_id)
context = encodeURI(result.context)
}
var d = new Date();
var n = d.getTime();
var otherData = "Something passed from Javascript"
console.log("Hey, you right clicked on me");
console.log(result)app/templates/index.html
<html>
<body>
<script>
var gotoTab = function() {
var url = "/console/do/ariel/arielSearch?appName=
EventViewer&pageId=EventList&dispatch=performSearch&value(searchMode)=
AQL&searchOrigin=SEARCH_RESULTS_AQL&value(timeRangeType)=
aqlTime&value(interval)=300000&value(searchName)
=&value(searchId)=null&value(aql)
=select%20*%20from%20events%20where%20destinationip%20%3D%20%27" +
"{{context}}" + "%27%20LAST%2012%20HOURS&value(aqlLines)
=%5B%22select%20*%20from%20events%20where%20destinationip%20%3D%20%27" +
"{{context}}" + "%27%20LAST%2012%20HOURS%22%5D&value(recordsLimit)="
top.setActiveTab("EventViewer", url )
}
</script>
<div>
<ul>
<li>Received context data from QRadar: {{context}}</li>
<li>Received other data from Javascript: {{other}}</li>
<li><button onclick="gotoTab()">Search for events with
sourceip of {{context}}</button>
</ul>
</div>
</body>
</html>