Application manifest structure

The manifest is a JSON file that describes the capabilities that the app provides to IBM® QRadar®.

The following table describes the fields that you can include in the manifest.json file.

Table 1. Application manifest fields

Field Required Type Description
name Yes String The user-readable name of the app. If the app is globalized, this field can optionally point at a resource bundle key.
description Yes String The user-readable description of the app. If the application is globalized, this field can optionally point at a resource bundle.
version Yes String A version string for the app. We recommend you use the following format: `x.x.x`. </br>**Example:** `1.0.0`
uuid Yes String An RFC 4122-compliant universally unique identifier for the application. </br> The create command uses the Python UUID package to generate a random 128-bit number for the uuid value. </br> **Note:** If you do not use the SDK to create the app manifest file, you must manually enter a unique value in the uuid field.
image No String The base image name to use when building your application. If none is specified, the default base image is used
authentication No String Authorization for the app to access QRadar. The only mandatory entry is “requested_capabilities”: [""]. </br> For example, admin is a commonly used user capability. Enter at least one supported QRadar user capability. The installation fails if any of the requested_capabilities are not defined in QRadar.
load_flask No Boolean Set to false if you don’t want to make Python Flask framework available to your app. **Tip:** Disable Flask if you want your app to use a different web application framework. </br> If not specified, this field defaults to true.
add_app_capability No Boolean Set to false if you don’t want to add a user role setting for your app. This flag is available for QRadar version 7.5.0 UP4 and later. It is ignored in previous versions. </br> If not specified, this field defaults to true, and a user role is added automatically.
areas No Array of Area Type Area objects describe new complete pages of the application. In QRadar, Area objects are represented as tabs.
rest_methods No Array of REST Method Type REST Method objects describe REST methods that the app exposes. REST Method objects are required parameters for Dashboard Items and Metadata Providers, and are optional for GUI Actions.
dashboard_items No Array of Dashboard Item Type Dashboard Item objects describe the contents of new items that you want to expose to the QRadar dashboard.
configuration_pages No Array of Configuration Page Type Configuration Page objects describe new complete pages of the app that represent configuration. In QRadar, configuration pages are opened from the Admin tab.
gui_actions No Array of GUI Action Type GUI Action objects describe new actions that can be performed on items in the user interface by page toolbars or by right-click menus.
page_scripts No Array of Page Script type Page Script objects describe new JavaScript files that you want to include within an existing page in QRadar. By default, these scripts run in their own namespace.
metadata_providers No Array of Metadata Provider type Metadata Provider objects describe REST methods that can be called to fetch new metadata information for certain data types in QRadar </br>**Example:** IP </br>Metadata is displayed in a tooltip when the user hovers over an item.
resource_bundles No Array of Resource Bundle type Resource Bundle objects are used for language locales and locale properties file locations.
resources No Integer Resource objects are used to configure the amount of memory (in megabytes) that is available for the app to use.
fragments No Array of Fragments type Fragment objects are used to determine the injection point in the QRadar UI where content is added and the rest endpoint that is used to retrieve the content.
custom_columns No Array of Custom Columns type Custom column objects are used to identify the context (the page and table in the QRadar UI) where a custom column is added, a label for the column header, the type of data to be added, and the rest endpoint that is used to add the column content.
multitenancy_safe No Boolean If set to true, this key indicates that your application can work in a multi-tenant environment. If not set to true, it indicates that only one instance of your app can be created, and any user who is a member of a tenant is not able to see it. </br> If not specified, the default is false.
single_instance_only No Boolean If set to true, only one instance of this app can be created. Typically, this indicates that this application can either provide multi-tenancy support itself, or that use of this application is meant only for administrators. If multitenancy_safe is also not set true, then users who are a member of a tenant cannot see this app. If multitenancy_safe is also set to true, then all users can see the app. </br> If not specified, the default is false.
use_qradar_csrf No Boolean If set to true, csrf support is handled by QRadar for the app. </br>If not specified, the default is false.
environment_variables No Array of Environment Variable type Environment variable objects are used to specify environment variables that will be available within the container during runtime
services No Array of Service type Service objects are used to define named services, service endpoints, and supervisord configuration parameters.