Named service sample app
This example shows how to run a Node.js server as a named service with a single endpoint. The app takes data that is served from the service's endpoint and displays it on a new tab in the QRadar® UI.
Because this example uses Node.js rather than Flask as the web application framework, the Node.js runtime environment is installed as a source dependency in the app's /src_deps/init folder. For more information about using source dependencies, see Installing Node.js as a source dependency.
manifest.json
The sample app's manifest file tells QRadar to run the web server script. It defines the port that the web server monitors from, and a service with an endpoint that retrieves the data resource.
For more information about the services object type, see Services type
{
"name":"Named service example",
"description":"Named service example",
"version":"1.0",
"load_flask": "false", 1
"uuid":"ed9f7033-159b-4697-8c2a-0744010dcf49",
"services": 2
[
{
"command": "node /node_app/app/server.js", 3
"directory": "/node_app", 4
"endpoints": 5
[
{
"name": "listusers",
"path":"/list_users",
"http_method": "GET"
}
],
"name": "nodejsservice", 6
"path":"/list_users", 7
"port": 5000, 8
"version": "1"
}
],
"areas":
[ 9
{
"id":"multins",
"text":"multins",
"description":"named service example",
"url":"list_users",
"named_service":"nodejsservice",
"required_capabilities":["ADMIN"]
}
]
}
- Flask is not loaded because the app uses Node.js to serve content.
- The services block defines the service name, version, and any endpoints it uses. In addition, supervisord configuration parameters can also be added here. For a full list of available parameters, see Table 3.
- This command is used by the Node.js runtime environment to run the web server script.
- The path to the directory that supervisord changes to before it executes the child process.
- The endpoint to be implemented by the service. The GET listusers endpoint retrieves a list of
users that is stored in a JSON source file, users.json.
For more information about the endpoints field configuration parameters, see Table 2.
- The name of the service that must be referenced in the name_service fields of objects that want to use the service.
- The URL that is used to access the endpoint.
- The port number that the web server listens on. Because Flask is not being used here, the port must be set.
- The area block adds a tab to the QRadar UI that displays the list of users and their associated data that is retrieved by the service's listusers endpoint.
/node_app/server/server.js
As Flask is not being used in this example, no views.py is required for the app. The following section contains the web server code that serves the JSON content.
var express = require('express');
var app = express();
var fs = require("fs");
app.use(express.static('public')); 1
app.get('/list_users', function (req, res) { 2
fs.readFile( __dirname + "/" + "users.json", 'utf8', function (err, data) {
console.log( data );
res.send( data );
});
})
var server = app.listen(5000, function () { 3
var host = server.address().address
var port = server.address().port
console.log("Example app listening at http://%s:%s", host, port)
})
- This function notifies the Node.js server to serve the content from the node_app/public folder.
- This function retrieves the content from the /node_app/server/users.json file.
- The app.listen function sets the port that the server listens on. The port must be the same as you configured in the app's manifest.
/node_app/server/users.json
In this example, the /node_app/server/users.json file is used as the data source.
{
"user1" : {
"name" : "mahesh",
"password" : "password1",
"profession" : "teacher",
"id": 1
},
"user2" : {
"name" : "suresh",
"password" : "password2",
"profession" : "librarian",
"id": 2
},
"user3" : {
"name" : "ramesh",
"password" : "password3",
"profession" : "clerk",
"id": 3
}
}