Application manifest structure
The manifest is a JSON file that describes the capabilities that the app provides to IBM® QRadar®.
The following table describes the fields that you can include in the manifest.json file.
Table 1. Application manifest fields
| Field | Required | Type | Description |
|---|---|---|---|
| name | Yes | String | The user-readable name of the app. If the app is globalized, this field can optionally point at a resource bundle key. |
| description | Yes | String | The user-readable description of the app. If the application is globalized, this field can optionally point at a resource bundle. |
| version | Yes | String | A version string for the app. We recommend you use the following format: `x.x.x`. </br>**Example:** `1.0.0` |
| uuid | Yes | String | An RFC 4122-compliant universally unique identifier for the application. </br> The create command uses the Python UUID package to generate a random 128-bit number for the uuid value. </br> **Note:** If you do not use the SDK to create the app manifest file, you must manually enter a unique value in the uuid field. |
| image | No | String | The base image name to use when building your application. If none is specified, the default base image is used |
| authentication | No | String | Authorization for the app to access QRadar. The only mandatory entry is “requested_capabilities”: [""]. </br> For example, admin is a commonly used user capability. Enter at least one supported QRadar user capability. The installation fails if any of the requested_capabilities are not defined in QRadar. |
| load_flask | No | Boolean | Set to false if you don’t want to make Python Flask framework available to your app. **Tip:** Disable Flask if you want your app to use a different web application framework. </br> If not specified, this field defaults to true. |
| add_app_capability | No | Boolean | Set to false if you don’t want to add a user role setting for your app. This flag is available for QRadar version 7.5.0 UP4 and later. It is ignored in previous versions. </br> If not specified, this field defaults to true, and a user role is added automatically. |
| areas | No | Array of Area Type | Area objects describe new complete pages of the application. In QRadar, Area objects are represented as tabs. |
| rest_methods | No | Array of REST Method Type | REST Method objects describe REST methods that the app exposes. REST Method objects are required parameters for Dashboard Items and Metadata Providers, and are optional for GUI Actions. |
| dashboard_items | No | Array of Dashboard Item Type | Dashboard Item objects describe the contents of new items that you want to expose to the QRadar dashboard. |
| configuration_pages | No | Array of Configuration Page Type | Configuration Page objects describe new complete pages of the app that represent configuration. In QRadar, configuration pages are opened from the Admin tab. |
| gui_actions | No | Array of GUI Action Type | GUI Action objects describe new actions that can be performed on items in the user interface by page toolbars or by right-click menus. |
| page_scripts | No | Array of Page Script type | Page Script objects describe new JavaScript files that you want to include within an existing page in QRadar. By default, these scripts run in their own namespace. |
| metadata_providers | No | Array of Metadata Provider type | Metadata Provider objects describe REST methods that can be called to fetch new metadata information for certain data types in QRadar </br>**Example:** IP </br>Metadata is displayed in a tooltip when the user hovers over an item. |
| resource_bundles | No | Array of Resource Bundle type | Resource Bundle objects are used for language locales and locale properties file locations. |
| resources | No | Integer | Resource objects are used to configure the amount of memory (in megabytes) that is available for the app to use. |
| fragments | No | Array of Fragments type | Fragment objects are used to determine the injection point in the QRadar UI where content is added and the rest endpoint that is used to retrieve the content. |
| custom_columns | No | Array of Custom Columns type | Custom column objects are used to identify the context (the page and table in the QRadar UI) where a custom column is added, a label for the column header, the type of data to be added, and the rest endpoint that is used to add the column content. |
| multitenancy_safe | No | Boolean | If set to true, this key indicates that your application can work in a multi-tenant environment. If not set to true, it indicates that only one instance of your app can be created, and any user who is a member of a tenant is not able to see it. </br> If not specified, the default is false. |
| single_instance_only | No | Boolean | If set to true, only one instance of this app can be created. Typically, this indicates that this application can either provide multi-tenancy support itself, or that use of this application is meant only for administrators. If multitenancy_safe is also not set true, then users who are a member of a tenant cannot see this app. If multitenancy_safe is also set to true, then all users can see the app. </br> If not specified, the default is false. |
| use_qradar_csrf | No | Boolean | If set to true, csrf support is handled by QRadar for the app. </br>If not specified, the default is false. |
| environment_variables | No | Array of Environment Variable type | Environment variable objects are used to specify environment variables that will be available within the container during runtime |
| services | No | Array of Service type | Service objects are used to define named services, service endpoints, and supervisord configuration parameters. |