Named service sample app

This example shows how to run a Node.js server as a named service with a single endpoint. The app takes data that is served from the service's endpoint and displays it on a new tab in the QRadar® UI.

Named service Node.js example

Because this example uses Node.js rather than Flask as the web application framework, the Node.js runtime environment is installed as a source dependency in the app's /src_deps/init folder. For more information about using source dependencies, see Installing Node.js as a source dependency.

manifest.json

The sample app's manifest file tells QRadar to run the web server script. It defines the port that the web server monitors from, and a service with an endpoint that retrieves the data resource.

For more information about the services object type, see Services type

{
	"name":"Named service example",
	"description":"Named service example",
	"version":"1.0",
	"load_flask": "false",  1 
	"uuid":"ed9f7033-159b-4697-8c2a-0744010dcf49",

	"services":  2 
             [ 
			{
			"command": "node /node_app/app/server.js", 3 
			"directory": "/node_app", 4 
			"endpoints":   5 
                      [ 
				{
					"name": "listusers", 
					"path":"/list_users",
					"http_method": "GET"
				}				
			   ],
			 "name": "nodejsservice",  6 
			 "path":"/list_users",  7 
			 "port": 5000,  8 
			 "version": "1"
			}
	         ],

	 "areas": 
             [  9 
		    {
			"id":"multins",
			"text":"multins",
			"description":"named service example",
			"url":"list_users",
			"named_service":"nodejsservice", 
			"required_capabilities":["ADMIN"]
		      }
	        ]
}
  1. Flask is not loaded because the app uses Node.js to serve content.
  2. The services block defines the service name, version, and any endpoints it uses. In addition, supervisord configuration parameters can also be added here. For a full list of available parameters, see Table 3.
  3. This command is used by the Node.js runtime environment to run the web server script.
  4. The path to the directory that supervisord changes to before it executes the child process.
  5. The endpoint to be implemented by the service. The GET listusers endpoint retrieves a list of users that is stored in a JSON source file, users.json.

    For more information about the endpoints field configuration parameters, see Table 2.

  6. The name of the service that must be referenced in the name_service fields of objects that want to use the service.
  7. The URL that is used to access the endpoint.
  8. The port number that the web server listens on. Because Flask is not being used here, the port must be set.
  9. The area block adds a tab to the QRadar UI that displays the list of users and their associated data that is retrieved by the service's listusers endpoint.

/node_app/server/server.js

As Flask is not being used in this example, no views.py is required for the app. The following section contains the web server code that serves the JSON content.

var express = require('express');
var app = express();
var fs = require("fs");

app.use(express.static('public'));  1 

app.get('/list_users', function (req, res) {  2 
   fs.readFile( __dirname + "/" + "users.json", 'utf8', function (err, data) {
       console.log( data );
       res.send( data );
   });
})

var server = app.listen(5000, function () {  3 

  var host = server.address().address
  var port = server.address().port

  console.log("Example app listening at http://%s:%s", host, port)

})
  1. This function notifies the Node.js server to serve the content from the node_app/public folder.
  2. This function retrieves the content from the /node_app/server/users.json file.
  3. The app.listen function sets the port that the server listens on. The port must be the same as you configured in the app's manifest.

/node_app/server/users.json

In this example, the /node_app/server/users.json file is used as the data source.

{
   "user1" : {
      "name" : "mahesh",
      "password" : "password1",
      "profession" : "teacher",
      "id": 1
   },
   "user2" : {
      "name" : "suresh",
      "password" : "password2",
      "profession" : "librarian",
      "id": 2
   },
   "user3" : {
      "name" : "ramesh",
      "password" : "password3",
      "profession" : "clerk",
      "id": 3
   }
}