QJSLib CI edited this page May 17, 2019 · 1 revision

QRadar

Static class providing utility functions for QRadar

Kind: global class

QRadar.getApplicationId() ⇒ Number

Returns the id of the current application.

This function can only be used where JavaScript is included using the page_scripts section of an application manifest.json file.

Kind: static method of QRadar
Returns: Number - The id of the current application.
Throws:

  • Error if application could not be identified.

QRadar.getApplicationBaseUrl([id]) ⇒ String

Returns the base URL of an application.

The format of the returned URL is: https://<ip address>/console/plugins/<app id>/app_proxy

This function can only be used where JavaScript is included using the page_scripts section of an application manifest.json file.

Kind: static method of QRadar
Returns: String - The base URL of an application.
Throws:

  • Error if id was not supplied and the current application could not be identified.
Param Type Description
[id] Number The id of an application to get the base URL for. If not supplied, the id of the current application is used.

QRadar.getSelectedRows() ⇒ Array

Returns the ids of selected rows on a list page such as the offense or asset list.

Kind: static method of QRadar
Returns: Array - The ids of the selected rows. If no rows are selected, the array will be empty.
Throws:

  • Error if the current page does not contain a table of selectable rows.

QRadar.getItemId() ⇒ String

Returns the id of the item being viewed (e.g. asset, offense).

Kind: static method of QRadar
Returns: String - Item id.
Throws:

  • Error if the current page does not support item identification.

QRadar.rest(args)

Calls a REST method using an XMLHttpRequest.

Kind: static method of QRadar
Throws:

  • Error if any required arguments are missing.
Param Type Default Description
args Object
args.httpMethod String The HTTP method to use (GET/PUT/POST/DELETE).
args.path String The path to the REST endpoint.
  • To call a QRadar REST API, path must start with "/api".
  • To call a REST endpoint in your application, path must start with "/application".
  • Any other path must be a fully-qualified URL, otherwise the function behaviour is undefined.
[args.body] String The data to POST or PUT.
[args.onComplete] function Callback function to be invoked when the REST request finishes. The function can access the XMLHttpRequest using "this".
[args.onError] function Callback function to be invoked if the REST request fails to complete.
[args.headers] Array Headers to be supplied with the REST request. Each array entry should be a JSON object with "name" and "value" properties.
[args.contentType] String "application/json" MIME type of a POST or PUT request. Default value is used only if Content-Type is not supplied in args.headers.
[args.timeout] Number HTTP timeout, in milliseconds, to be supplied with an asynchronous REST request. If args.async is false, the timeout is ignored.
[args.async] boolean true Set to false to make a synchronous request. WARNING: this is not recommended.
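
The following is an added example, not part of QJSLib: it checks a path against the three path rules above and builds an args object in the documented shape before it is handed to QRadar.rest. The helper names validateRestPath and buildRestArgs, the allowedHosts option, the HTTPS-only rule for external URLs, and the sample path in the closing comment are assumptions made for illustration.

```javascript
// Added example; validateRestPath and buildRestArgs are hypothetical helpers, not QJSLib functions.
const ALLOWED_METHODS = ["GET", "PUT", "POST", "DELETE"];

// Classify args.path by the three documented rules; reject everything else.
function validateRestPath(path, allowedHosts = []) {
  if (typeof path !== "string" || path === "") throw new Error("path is required");
  // Stricter than the documented "starts with" rule: require the trailing slash.
  if (path.startsWith("/api/")) return "qradar-api";
  if (path.startsWith("/application/")) return "app-endpoint";
  let url;
  try {
    url = new URL(path); // throws for relative or scheme-relative input
  } catch (e) {
    throw new Error("path must start with /api/, /application/ or be a full URL");
  }
  // Assumption: external calls are limited to HTTPS hosts the app explicitly trusts.
  if (url.protocol !== "https:" || !allowedHosts.includes(url.hostname)) {
    throw new Error("URL not allowed: " + path);
  }
  return "external";
}

// Build the args object for QRadar.rest from a method, a path and plain options.
function buildRestArgs(httpMethod, path, opts = {}) {
  const method = String(httpMethod || "").toUpperCase();
  if (!ALLOWED_METHODS.includes(method)) {
    throw new Error("unsupported HTTP method: " + httpMethod);
  }
  validateRestPath(path, opts.allowedHosts);
  // Headers go in as an array of { name, value } objects.
  const headers = Object.entries(opts.headers || {}).map(
    ([name, value]) => ({ name, value: String(value) })
  );
  const args = { httpMethod: method, path, headers };
  if (opts.timeout) args.timeout = opts.timeout; // milliseconds, async requests only
  if ((method === "POST" || method === "PUT") && opts.body !== undefined) {
    // body must be a String; serialize objects as JSON.
    args.body = typeof opts.body === "string" ? opts.body : JSON.stringify(opts.body);
    // contentType is only used when no Content-Type header is supplied.
    const hasType = headers.some((h) => h.name.toLowerCase() === "content-type");
    if (!hasType) args.contentType = "application/json";
  }
  return args;
}

// In a page script: QRadar.rest(Object.assign(buildRestArgs("GET", "/api/siem/offenses"),
//   { onComplete: function () { console.log(this.status); } }));
```

Rejecting relative, scheme-relative and non-HTTPS paths up front keeps a request away from the case the table describes as undefined behaviour.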

QRadar.fetch(path, options) ⇒

Uses the fetch API (or a polyfilled alternative) to make an HTTP request, returning a promise.

Kind: static method of QRadar
Returns: Fetch promise that, when resolved, has executed the request.

Param Type Description
path String The path to the endpoint.
  • To call a QRadar REST API, path must start with "/api".
  • To call a REST endpoint in your application, path must start with "/application".
  • Any other path must be a fully-qualified URL, otherwise the function behaviour is undefined.
options Object Fetch options, defining method, headers etc. Includes a timeout. See https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch#Supplying_request_options
[args.timeout] Number How long to wait before timing out the request, default 10000ms (10 seconds)
[args.credentials] String CORS credentials type to use, default "same-origin"
[args.headers] Array Headers included in the request, default ["Content-Type": "application/json"]

QRadar.getCurrentUser() ⇒ Object

Returns information on the currently logged in QRadar user, including their name and role.

Kind: static method of QRadar
Returns: Object - The currently logged in QRadar user. WARNING: this function uses a synchronous JavaScript call.

QRadar.openOffense(offenseId, [openWindow])

Opens the details page of an offense, either in a new window or in the Offenses tab.

Kind: static method of QRadar
Throws:

  • Error if offenseId is not supplied or if the offense could not be displayed.
Param Type Default Description
offenseId String | Number The id of the offense to be viewed.
[openWindow] boolean true If true, open the result in a new window. Otherwise, open in the Offenses tab.

QRadar.openAsset(assetId, [openWindow])

Opens the details page of an asset, either in a new window or in the Assets tab.

Kind: static method of QRadar
Throws:

  • Error if assetId is not supplied or if the asset could not be displayed.
Param Type Default Description
assetId String | Number The id of the asset to be viewed.
[openWindow] boolean true If true, open the result in a new window. Otherwise, open in the Assets tab.

QRadar.openAssetForIpAddress(ipAddress, [openWindow])

Opens the details page of an asset for an IP address, either in a new window or in the Assets tab.

Kind: static method of QRadar
Throws:

  • Error if ipAddress is not supplied or if the asset could not be displayed.
Param Type Default Description
ipAddress String The IP address of the asset to be viewed.
[openWindow] boolean true If true, open the result in a new window. Otherwise, open in the Assets tab.

QRadar.openEventSearch(aql, [openWindow])

Runs an event search with the specified AQL string, either in a new window or the Event Viewer tab.

Kind: static method of QRadar
Throws:

  • Error if aql is not supplied or if the search results could not be displayed.
Param Type Default Description
aql String The AQL search string to execute.
[openWindow] boolean true If true, open the search in a new window. Otherwise, open in the Event Viewer tab.

QRadar.openFlowSearch(aql, [openWindow])

Runs a flow search with the specified AQL string, either in a new window or the Flow Viewer tab.

Kind: static method of QRadar
Throws:

  • Error if aql is not supplied or if the search results could not be displayed.
Param Type Default Description
aql String The AQL search string to execute.
[openWindow] boolean true If true, open the search in a new window. Otherwise, open in the Flow Viewer tab.

QRadar.getNamedService(services, serviceName, serviceVersion) ⇒ Object

Selects and returns a service from a list retrieved by a /gui_app_framework/named_services REST API call.

Kind: static method of QRadar
Returns: Object - The service with the given name and version from the services list.
Throws:

  • Error if the services list did not contain an entry with the given name and version.
Param Type Description
services Array The array returned by /gui_app_framework/named_services.
serviceName String The name of the service to look for in services.
serviceVersion String The version of the service to look for in services.

QRadar.getNamedServiceEndpoint(service, endpointName) ⇒ Object

Selects and returns a service endpoint.

Kind: static method of QRadar
Returns: Object - The service endpoint with the given name.
Throws:

  • Error if the service object did not contain an endpoint with the given name.
Param Type Description
service Object A service object as returned by getNamedService.
endpointName String The name of the endpoint to look for in the service object.

QRadar.buildNamedServiceEndpointRestArgs(restArgs, endpoint, [parameterValues], [bodyValue]) ⇒ Object

Populates an arguments object to be used in a rest call to a named service endpoint.

Kind: static method of QRadar
Returns: Object - restArgs populated with properties from endpoint, parameterValues and bodyValue.
Throws:

  • Error if a parameterValue property was not supplied for each endpoint PATH parameter.

See: rest

Param Type Description
restArgs Object A possibly empty object which will be populated with arguments for a call to rest. The properties of restArgs which can be populated by this function are: httpMethod, path, body and contentType. All other properties must be populated by the caller.
endpoint Object A service endpoint object as returned by getNamedServiceEndpoint.
[parameterValues] Object Contains properties whose values will be used to populate the endpoint's PATH/QUERY/BODY parameters.
[bodyValue] Object A complete body value to be supplied with a POST or PUT.

QRadar.callNamedServiceEndpoint(serviceName, serviceVersion, endpointName, restArgs, [parameterValues], [bodyValue])

Makes a REST API call to a named service endpoint.

This is a wrapper function which calls the /gui_app_framework/named_services REST API, picks out the specified service endpoint, and invokes it using the supplied parameters/values.

Kind: static method of QRadar
Throws:

  • Error if any wrapped function call fails.
Param Type Description
serviceName String See getNamedService serviceName.
serviceVersion String See getNamedService serviceVersion.
endpointName String See getNamedServiceEndpoint endpointName.
restArgs Object See buildNamedServiceEndpointRestArgs restArgs.
[parameterValues] Object See buildNamedServiceEndpointRestArgs parameterValues.
[bodyValue] Object See buildNamedServiceEndpointRestArgs bodyValue.