App names, GUI action groups, and page IDs
App names, GUI action groups, and page IDs are identifiers that IBM® QRadar® uses for QRadar products, GUI actions, and UI pages.
The following manifest blocks use these identifiers.
The groups field of the gui_actions block uses GUI action group identifiers to
specify the toolbar or right-click menu where the GUI action is added:
...
"gui_actions": [
{
"id":"sampleToolbarButton",
"text":"Sample Toolbar Button",
"description":"Sample toolbar button that
calls a REST method, passing an offense ID along",
"icon":null,
"rest_method":"sampleToolbarMethod",
"javascript":"alert(result)",
"groups":[ "OffenseListToolbar" ],
"required_capabilities":[ "ADMIN" ]
}
],
..The app_name and page_id fields of the
page_scripts block use the app name and page ID identifiers to specify the QRadar application tab and sub
page into which the page script is added.
...
"page_scripts": [
{
"app_name":"SEM",
" page_id":"OffenseList",
"scripts":["/static/sampleScriptInclude.js"]
}
],
...Supported app names
The following table shows a list of supported app names with descriptions.| App Name | Description |
|---|---|
| assetprofile | Asset Profile (for example, Vulnerabilities: Manage Vulnerabilities, search) |
| Assets | Assets Manager |
| EventViewer | Event Viewer (for example, syslogdestination) |
| Forensics | Incident Forensics |
| QRadar | QRadar (for example, Reference Data) |
| QVM | QRadar Vulnerability Manager |
| Reports | Reports |
| Sem | Offense Management |
| SRM | QRadar Risk Manager |
| Surveillance | Network Surveillance (Flows) |
Supported GUI Actions and corresponding page IDs
The following table describes the supported GUI Actions and corresponding page IDs.
| GUI Action group | App name | Page ID | Location |
|---|---|---|---|
| AssetDetailsToolbar | Assets | AssetDetailsVulnList | Assets - click on IP Address/ Vulnerabilities - Manage Vulnerabilities - By Asset - click on IP Address |
| AssetListToolbar | Assets | AssetList | Asset tab list |
| AssetOwnerToolbar | assetprofile | AssetOwner | Vulnerabilities tab - left panel - Vulnerability Assignment |
| AttackerList | SEM | OffenseSummary | Offense Tab - All Offenses - double-click offense row - right-click row in Top 5 Source IPs section |
| AttackerListSmallToolbar | SEM | OffenseAttackerList | Offenses tab - All Offenses - double-click offense row - click Sources button on Top 5 Source IPs toolbar |
| NetworkAttackerList | Offenses tab - By Network - select row - click Sources button on toolbar to view List of Sources | ||
| TargetAttackerList | Offenses tab - By Destination IP - select row, click Sources button on toolbar to view List of Sources | ||
| AttackerListToolbar | SEM | AttackerList | Offenses tab - By Source IP |
| ByAssetListFormToolbar | assetprofile | ByAssetListForm | Vulnerabilities tab - Manage vulnerabilities - by Asset |
| ByNetworkListToolbar | assetprofile | ByNetworkList | Vulnerabilities tab - Manage vulnerabilities - by Network |
| ByOpenServiceListToolbar | assetprofile | ByOpenServiceList | Vulnerabilities tab - Manage vulnerabilities - by Open Service |
| ByVulnerabilityInstanceListToolbar | assetprofile | ByVulnerabilityInstanceList | Vulnerabilities tab - Manage vulnerabilities - By vulnerability instance - main screen |
| ByVulnerabilityListToolbar | assetprofile | ByVulnerabilityList | Vulnerabilities tab - Manage vulnerabilities - By vulnerability |
| CategoryList | SEM | OffenseSummary | Offenses tab - All Offenses, - double-click row -Top 5 Categories table - right-click a row |
| CategoryListToolbar | SEM | OffenseCategoryList | Offenses Tab - All offenses - double-click row - click Display > Categories in toolbar - List of Event Categories table toolbar |
| DomainListToolbar | QRadar | DomainList | Admin tab - Domain Management |
| EventDetailsToolbar | Event Viewer | EventDetails | Log Activity tab - pause - click row - Events detail toolbar |
| ExceptionRulesListToolbar | assetprofile | ExceptionRulesList | Vulnerabilities tab - Vulnerability exception |
| FlowDetailsToolbar | Surveillance | FlowDetails | Network Activity - double-click on a flow. |
| FlowsourceListToolbar | Surveillance | FlowsourceList | Admin tab - Flow Sources |
| MyAssignedVulnerabilitiesListToolbar | assetprofile | MyAssignedVulnerabilitiesList | Vulnerability tab - My assigned vulnerabilities |
| NetworkHierarchyListToolbar | QRadar | NetworkHierarchyList | Admin tab - Network Hierarchy |
| NetworkListSmallToolbar | SEM | OffenseNetworkList | Offenses tab - All Offenses - double-click row - click Display in toolbar, Networks, Destination Networks table, toolbar, and right click |
| NetworkListToolbar | SEM | NetworkList | Offenses -By Network |
| NetworkSummaryToolbar | SEM | NetworkOffenseList | Offenses Tab - By Network - double-click an offense. |
| ObfuscationProfileContextMenu | QRadar | ObfuscationProfiles | Admin - Data Obfuscation Management |
| ObfuscationRightClick | QRadar | Deprecated | |
| OffenseListSmallToolbar | SEM | AttackerOffenseList | Offenses - double-click a row in Offenses - double-click row in Top 5 SourceIPs - select a row and right click |
| SEM | TargetOffenseList | Offenses - double-click a row in Offenses - double-click row in Top 5 SourceIPs - double-click a row - select a row and right click | |
| OffenseListToolbar | SEM | OffenseList | Offenses tab main page |
| OffenseSummaryToolbar | SEM | OffenseSummary | Offenses tab, double-click Offense - toolbar |
| OffenseDeviceList | Click Display > Log Sources | ||
| OffenseUserList | Click Display > Users | ||
| OffenseRuleList | Click Display > Rules | ||
| OffenseSummaryToolbar | OffenseAttackerList Added in QRadar V.7.3.0 |
Offenses tab, double-click Offense - on toolbar, Click Display > Sources | |
| OffenseCategoryList Added in QRadar V.7.3.0 |
Offenses tab, double-click Offense - on toolbar, Click Display > Categories | ||
| OffenseNetworkList Added in QRadar V.7.3.0 |
Offenses tab, double-click Offense - on toolbar, Click Display > Networks | ||
| OffenseSummaryToolbar | SEM | OffenseAnnotationList Added in QRadar V.7.3.2 |
Click Display > Annotations |
| OffenseSummaryToolbar | SEM | OffenseTargetList Added in QRadar V.7.3.2 |
Click Display > Destinations |
| OffenseSummaryToolbar | SEM | NotesList Added in QRadar V.7.3.2 |
Click Display > Notes |
| ReferenceSetElemsContextMenu | QRadar | ReferenceSetElems | Admin tab- Reference Set Management - View a reference set - Content tab, right-click row |
| ReferenceSetElemsToolbar | QRadar | ReferenceSetElems | Admin tab- Reference Set Management - View a reference set - Content tab |
| ReferenceSetRulesContextMenu | QRadar | ReferenceSetRules | Admin tab - Reference Set Management - View a reference set - References tab, right-click row |
| ReferenceSetRulesToolbar | QRadar | ReferenceSetRules | Admin tab - Reference Set Management - View a reference set - References tab, click row, click toolbar button |
| ReferenceSetsContextMenu | QRadar | ReferenceSets | Admin tab - Reference Set Management - right-click a reference set. |
| ReferenceSetsToolbar | QRadar | ReferenceSets | Admin tab -Reference Set Management |
| ReportTemplateListToolbar | Reports | ReportTemplateListAll | Reports tab toolbar |
| SensorDeviceListToolbar | EventViewer | SensorDeviceList | Admin tab - Log Sources |
| TargetList | SEM | OffenseSummary | Offenses tab - double-click offense, Top 5 Destination IPs table, right-click row. |
| TargetListToolbar | SEM | TargetList | Offenses tab - By Destination IP. |
| TargetSummaryToolbar |
SEM |
TargetOffenseList |
Offenses tab - By Destination IP - double-click offense
|
| TargetNotesList | Offenses tab - By Destination IP - double click offense - click Notes on toolbar | ||
| TargetAttackerList | Offenses tab - By Destination IP - double click offense - click Sources on toolbar | ||
| TenantListToolbar | QRadar | TenantList | Admin tab - Tenant Management |
| VaScannerSchedulesListToolbar | Assets | VaScannerSchedulesList | Admin tab - Schedule VA Scanners |
| VaScannersListToolbar | Assets | VaScannersList | Admin tab - VA Scanners |
| ViewNotesToolbar | SEM | OffenseSummary | Offenses tab - double-click Offense, Last 5 Notes table toolbar |
| ViewOffenseDevicesToolbar | SEM | OffenseSummary | Offenses tab - double-click Offense - Top 5 Log Sources table toolbar |
| ViewoffenseusersToolbar | SEM | OffenseSummary | Offenses tab - double-click Offense, Top 5 Users table toolbar |
| VulnerabilityManagementListPopup | assetprofile | ByAssetListForm, ByNetworkList, ByOpenServiceList, ByVulnerabilityList, MyAssignedVulnerabilitiesList, ByVulnerabilityInstanceList | Vulnerabilities tab - Manage Vulnerabilities - By Network - By Asset - By Vulnerability - By Open Service - My Assigned Vulnerabilities |
| arielListToolbar | Surveillance | FlowList | Network Activity tab |
| customEventListToolbar | EventViewer | EventList | Log Activity tab |
| ipPopup |
Assets assetprofile assetprofile assetprofile assetprofile |
AssetList MyAssignedVulnerabilitiesList ByVulnerabilityInstanceList ByAssetListForm ExceptionRulesList |
Right-click IP address on Assets tab, Vulnerability tab - Manage Vulnerabilities - Vulnerability Exception |
| userNamePopup | Assets | AssetDetailsVulnList |
For example, Assets Tab, click IP Address to View Asset Details, select a row in Vulnerabilities table, right-click Technical User, see right-click View Assets /View Events Also used in Offenses, Log Activity. |
Deprecated GUI actions
In QRadar
V7.3.0 and later, the following GUI
actions are deprecated:
- OffenseList
- NetworkList
- HistoricalCorrelationToolbar
- OffenseRuleList
- OffenseDeviceList
- OffenseUserList
- NotesList
- ByAssetListForm