App names, GUI action groups, and page IDs
App names, GUI action groups, and page IDs are identifiers that IBM® QRadar® uses for QRadar products, GUI actions, and UI pages.
The following manifest blocks use these identifiers.
The groups field of the gui_actions block uses GUI action group identifiers to specify the toolbar or right-click menu where the GUI action is added:
"gui_actions": [
{
"id":"sampleToolbarButton",
"text":"Sample Toolbar Button",
"description":"Sample toolbar button that calls a REST method, passing an offense ID along",
"icon":null,
"rest_method":"sampleToolbarMethod",
"javascript":"alert(result)",
"groups":[ "OffenseListToolbar" ],
"required_capabilities":[ "ADMIN" ]
}
]
The app_name and page_id fields of the page_scripts block use the app name and page ID identifiers to specify the QRadar application tab and sub page into which the page script is added.
"page_scripts": [
{
"app_name":"SEM",
" page_id":"OffenseList",
"scripts":["/static/sampleScriptInclude.js"]
}
],
Supported app names
The following table shows a list of supported app names with descriptions.
Table 1. Supported app names
| App Name | Description |
|---|---|
| assetprofile | Asset Profile (for example, Vulnerabilities: Manage Vulnerabilities, search) |
| Assets | Assets Manager |
| EventViewer | Event Viewer (for example, syslogdestination) |
| Forensics | Incident Forensics |
| QRadar | QRadar (for example, Reference Data) |
| QVM | QRadar Vulnerability Manager |
| Reports | Reports |
| Sem | Offense Management |
| SRM | QRadar Risk Manager |
| Surveillance | Network Surveillance (Flows) |
Supported GUI actions and corresponding page IDs
The following table describes the supported GUI Actions and corresponding page IDs.
Table 2. Supported GUI Actions and Page IDs
| GUI Action group | App name | Page ID | Location |
|---|---|---|---|
| AssetDetailsToolbar | Assets | AssetDetailsVulnList | Click on an IP Address on the Assets tab or on the Vulnerabilities tab, click **Manage Vulnerabilities > By Asset** and then click on an IP Address. |
| AssetListToolbar | Assets | AssetList | Assets tab list |
| AssetOwnerToolbar | assetprofile | AssetOwner | Click **Vulnerability Assignment** on the Vulnerabilities tab. |
| AttackerList | SEM | OffenseSummary | On the Offenses Tab, click **All Offenses**, double-click an offense row, then right-click a row in Top 5 Source IPs table. |
| AttackerListSmallToolbar | SEM | OffenseAttackerList | On the Offenses Tab, click **All Offenses**, double-click an offense row, then click the **Sources** button on Top 5 Source IPs toolbar. |
| NetworkAttackerList | On the Offenses Tab, click **By Network**, select a row, and click the **Sources** button on the toolbar to view a list of sources. | ||
| TargetAttackerList | On the Offenses Tab, click **By Destination IP**, select a row, and click the **Sources** button on the toolbar to view a list of sources. | ||
| AttackerListToolbar | SEM | AttackerList | On the Offenses tab, click **By Source IP** |
| ByAssetListFormToolbar | assetprofile | ByAssetListForm | On the Vulnerabilities tab, click **Manage vulnerabilities > By Asset**. |
| ByNetworkListToolbar | assetprofile | ByNetworkList | On the Vulnerabilities tab, click **Manage vulnerabilities > By Network**. |
| ByOpenServiceListToolbar | assetprofile | ByOpenServiceList | On the Vulnerabilities tab, click **Manage vulnerabilities > By Open Service**. |
| ByVulnerabilityInstanceListToolbar | assetprofile | ByVulnerabilityInstanceList | On the Vulnerabilities tab, click **Manage vulnerabilities**. |
| ByVulnerabilityListToolbar | assetprofile | ByVulnerabilityList | On the Vulnerabilities tab, click **Manage vulnerabilities > By Vulnerability**. |
| CategoryList | SEM | OffenseSummary | On the Offenses tab, click **All Offenses**, double-click a row in the Offenses table, then right-click a row in the Top 5 Categories table. |
| CategoryListToolbar | SEM | OffenseCategoryList | On the Offenses tab, click **All Offenses**, double-click a row in the Offenses table, then click **Display > Categories** on the toolbar. See the List of Event Categories table. |
| DomainListToolbar | QRadar | DomainList | On the Admin tab, click **Domain Management**. |
| EventDetailsToolbar | Event Viewer | EventDetails | On the Log Activity tab, click **Pause**, then click a row in the Events table. |
| ExceptionRulesListToolbar | assetprofile | ExceptionRulesList | On the Vulnerabilities tab, click **Vulnerability exception**. |
| FlowDetailsToolbar | Surveillance | FlowDetails | On the Network Activity tab, double-click on a flow. |
| FlowsourceListToolbar | Surveillance | FlowsourceList | On the Admin tab, click **Flow Sources**. |
| MyAssignedVulnerabilitiesListToolbar | assetprofile | MyAssignedVulnerabilitiesList | On the Vulnerability tab, click **My Assigned Vulnerabilities**. |
| NetworkHierarchyListToolbar | QRadar | NetworkHierarchyList | On the Admin tab, click **Network Hierarchy**. |
| NetworkListSmallToolbar | SEM | OffenseNetworkList | On the Offenses tab, click **All Offenses**, double-click a row, click **Display > Networks** on the toolbar, then right-click a row in the Destination Networks table. |
| NetworkListToolbar | SEM | NetworkList | On the Offenses tab, click **By Network**. |
| NetworkSummaryToolbar | SEM | NetworkOffenseList | On the Offenses tab, click **By Network**, then double-click an offense. |
| ObfuscationProfileContextMenu | QRadar | ObfuscationProfiles | On the Admin tab, click **Data Obfuscation Management**. |
| ObfuscationRightClick | QRadar | Deprecated | |
| OffenseListSmallToolbar | SEM | AttackerOffenseList | On the Offenses tab, double-click a row in the Offenses table, double-click a row in the Top 5 SourceIPs table, then right-click a row in the List of Offenses. |
| SEM | TargetOffenseList | On the Offenses tab, double-click a row in the Offenses table, double-click a row in the Top 5 SourceIPs table, double-click a row in the List of Offenses, then right click. | |
| OffenseListToolbar | SEM | OffenseList | Offenses tab main page |
| OffenseSummaryToolbar | SEM | OffenseSummary | On the Offenses tab, double-click a row in the Offenses table to see the toolbar. |
| OffenseDeviceList | On the toolbar, click **Display > Log Sources**. | ||
| OffenseUserList | On the toolbar, click **Display > Users**. | ||
| OffenseRuleList | On the toolbar, click **Display > Rules**. | ||
| OffenseSummaryToolbar | OffenseAttackerList Added in QRadar V.7.3.0 | On the Offenses tab, double-click a row in the Offenses table, then click **Display > Sources** on the toolbar. | |
| OffenseCategoryList Added in QRadar V.7.3.0 | On the Offenses tab, double-click a row in the Offenses table, then click **Display > Categories** on the toolbar. | ||
| OffenseNetworkList Added in QRadar V.7.3.0 | On the Offenses tab, double-click a row in the Offenses table, then click **Display > Networks** on the toolbar. | ||
| OffenseSummaryToolbar | SEM | OffenseAnnotationList Added in QRadar V.7.3.2 | On the Offenses tab, double-click a row in the Offenses table, then click **lick Display > Annotations** on the toolbar. |
| OffenseSummaryToolbar | SEM | OffenseTargetList Added in QRadar V.7.3.2 | On the Offenses tab, double-click a row in the Offenses table, then click **Display > Destinations** on the toolbar. |
| OffenseSummaryToolbar | SEM | NotesList Added in QRadar V.7.3.2 | On the Offenses tab, double-click a row in the Offenses table, then click **Display > Notes** on the toolbar. |
| ReferenceSetElemsContextMenu | QRadar | ReferenceSetElems | On the Admin tab, click **Reference Set Management**. Double-click a reference set, then right-click a row on the Content tab. |
| ReferenceSetElemsToolbar | QRadar | ReferenceSetElems | On the Admin tab, click **Reference Set Management**. Double-click a reference set to see the Content tab. |
| ReferenceSetRulesContextMenu | QRadar | ReferenceSetRules | On the Admin tab, click **Reference Set Management**. Double-click a reference set, select the References tab, then right-click a row. |
| ReferenceSetRulesToolbar | QRadar | ReferenceSetRules | On the Admin tab, click **Reference Set Management**. Double-click a reference set, select the References tab, select a row, then click the **Toolbar** button |
| ReferenceSetsContextMenu | QRadar | ReferenceSets | On the Admin tab, click **Reference Set Management**, then right-click a reference set. |
| ReferenceSetsToolbar | QRadar | ReferenceSets | On the Admin tab, click **Reference Set Management**. |
| ReportTemplateListToolbar | Reports | ReportTemplateListAll | Reports tab toolbar |
| ScanPolicyVulnerabilityListToolbar | assetprofile | ScanPolicyVulnerabilityList | On the Vulnerabilities tab, click **Administrative > Scan Policies > Add > Scan Type Patch > Vulnerabilities Tab**, then click **Add**. The GUI action appears on the toolbar. |
| ScanResultsListToolbar | QVM | ScanResultsList | On the Vulnerabilities Tab, click **Scan Results**. |
| SensorDeviceListToolbar | EventViewer | SensorDeviceList | On the Admin tab, click **Log Sources**. |
| TargetList | SEM | OffenseSummary | On the Offenses tab, double-click a row in the Offenses table, then right-click a row in the Top 5 Destination IPs table. |
| TargetListToolbar | SEM | TargetList | On the Offenses tab, click **By Destination IP**. |
| TargetSummaryToolbar | SEM | TargetOffenseList | On the Offenses tab, click **By Destination IP**, then double-click an offense. |
| TargetNotesList | On the Offenses tab, click **By Destination IP**, double-click an offense, then click **Notes** on the toolbar. | ||
| TargetAttackerList | On the Offenses tab, click **By Destination IP**, double-click an offense, then click **Sources** on the toolbar. | ||
| TenantListToolbar | QRadar | TenantList | On the Admin tab, click **Tenant Management**. |
| VaScannerSchedulesListToolbar | Assets | VaScannerSchedulesList | On the Admin tab, click **Schedule VA Scanners**. |
| VaScannersListToolbar | Assets | VaScannersList | On the Admin tab, click **VA Scanners**. |
| ViewNotesToolbar | SEM | OffenseSummary | On the Offenses tab, double-click a row in the Offenses table. See the toolbar on the Last 5 Notes table. |
| ViewOffenseDevicesToolbar | SEM | OffenseSummary | On the Offenses tab, double-click a row in the Offenses table. See the toolbar on the Top 5 Log Sources table. |
| ViewoffenseusersToolbar | SEM | OffenseSummary | On the Offenses tab, double-click a row in the Offenses table. See the toolbar on the Top 5 Users table. |
| VulnerabilityManagementListPopup | assetprofile | ByAssetListForm, ByNetworkList, ByOpenServiceList, ByVulnerabilityList, MyAssignedVulnerabilitiesList, ByVulnerabilityInstanceList | On the Vulnerabilities tab, see the following options:
|
| arielListToolbar | Surveillance | FlowList | Network Activity tab |
| customEventListToolbar | EventViewer | EventList | Log Activity tab |
| ipPopup | Assets assetprofile assetprofile assetprofile assetprofile | AssetList MyAssignedVulnerabilitiesList ByVulnerabilityInstanceList ByAssetListForm ExceptionRulesList | Right-click an IP address on the Assets tab, or on the Vulnerability tab, click **Manage Vulnerabilities > Vulnerability Exception**. |
| userNamePopup | Assets | AssetDetailsVulnList | On the Assets Tab, click an IP Address to view Asset Details. Select a row in the Vulnerabilities table, right-click **Technical User**, then right-click **View Assets**. View Events Also used in Offenses and Log Activity. |
Deprecated GUI actions
In QRadar V7.3.0 and later, the following GUI actions are deprecated:
- OffenseList
- NetworkList
- HistoricalCorrelationToolbar
- OffenseRuleList
- OffenseDeviceList
- OffenseUserList
- NotesList
- ByAssetListForm