qappfw
Static class providing utility functions for QRadar
Kind: global class
- QRadar
  - .getApplicationId() ⇒ Number
  - .getApplicationBaseUrl([id]) ⇒ String
  - .getSelectedRows() ⇒ Array
  - .getItemId() ⇒ String
  - .rest(args)
  - .fetch(path, options) ⇒
  - .getCurrentUser() ⇒ Object
  - .openOffense(offenseId, [openWindow])
  - .openAsset(assetId, [openWindow])
  - .openAssetForIpAddress(ipAddress, [openWindow])
  - .openEventSearch(aql, [openWindow])
  - .openFlowSearch(aql, [openWindow])
  - .getNamedService(services, serviceName, serviceVersion) ⇒ Object
  - .getNamedServiceEndpoint(service, endpointName) ⇒ Object
  - .buildNamedServiceEndpointRestArgs(restArgs, endpoint, [parameterValues], [bodyValue]) ⇒ Object
  - .callNamedServiceEndpoint(serviceName, serviceVersion, endpointName, restArgs, [parameterValues], [bodyValue])

QRadar.getApplicationId() ⇒ Number
Returns the id of the current application.
This function can only be used where JavaScript is included using the page_scripts section of an application manifest.json file.
Kind: static method of QRadar
Returns: Number
- The id of the current application.
Throws:
- Error if application could not be identified.
QRadar.getApplicationBaseUrl([id]) ⇒ String
Returns the base URL of an application.
The format of the returned URL is: https://<ip address>/console/plugins/<app id>/app_proxy
This function can only be used where JavaScript is included using the page_scripts section of an application manifest.json file.
Kind: static method of QRadar
Returns: String
- The base URL of an application.
Throws:
- Error if id was not supplied and the current application could not be identified.
Param | Type | Description |
---|---|---|
[id] | Number | The id of an application to get the base URL for. If not supplied, the id of the current application is used. |
QRadar.getSelectedRows() ⇒ Array
Returns the ids of selected rows on a list page such as the offense or asset list.
Kind: static method of QRadar
Returns: Array
- The ids of the selected rows.
If no rows are selected, the array will be empty.
Throws:
- Error if the current page does not contain a table of selectable rows.
QRadar.getItemId() ⇒ String
Returns the id of the item being viewed (e.g. asset, offense).
Kind: static method of QRadar
Returns: String
- Item id.
Throws:
- Error if the current page does not support item identification.
QRadar.rest(args)
Calls a REST method using an XMLHttpRequest.
Kind: static method of QRadar
Throws:
- Error if any required arguments are missing.
Param | Type | Default | Description |
---|---|---|---|
args | Object | | |
args.httpMethod | String | | The HTTP method to use (GET/PUT/POST/DELETE). |
args.path | String | | The path to the REST endpoint. |
[args.body] | String | | The data to POST or PUT. |
[args.onComplete] | function | | Callback function to be invoked when the REST request finishes. The function can access the XMLHttpRequest using "this". |
[args.onError] | function | | Callback function to be invoked if the REST request fails to complete. |
[args.headers] | Array | | Headers to be supplied with the REST request. Each array entry should be a JSON object with "name" and "value" properties. |
[args.contentType] | String | "application/json" | MIME type of a POST or PUT request. Default value is used only if Content-Type is not supplied in args.headers. |
[args.timeout] | Number | | HTTP timeout, in milliseconds, to be supplied with an asynchronous REST request. If args.async is false, the timeout is ignored. |
[args.async] | boolean | true | Set to false to make a synchronous request. WARNING: this is not recommended. |
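A promise wrapper around QRadar.rest, added here as an example (not code from the qappfw project). The helper names restGetJson and readJsonResponse are hypothetical, and the status check assumes onComplete is also invoked for non-2xx responses.

```javascript
// Added example, not part of qappfw. `qradar` is the QRadar class documented
// here, passed in as an argument so the helpers can be exercised with a stub.

// Turns a finished XMLHttpRequest into parsed JSON, or throws.
function readJsonResponse(xhr, path) {
  if (xhr.status < 200 || xhr.status >= 300) {
    throw new Error("REST call to " + path + " failed with HTTP " + xhr.status);
  }
  try {
    return JSON.parse(xhr.responseText);
  } catch (e) {
    throw new Error("REST call to " + path + " returned a body that is not JSON");
  }
}

// Promise wrapper around QRadar.rest for a GET that returns JSON.
function restGetJson(qradar, path, timeoutMs) {
  return new Promise(function (resolve, reject) {
    qradar.rest({
      httpMethod: "GET",
      path: path,
      timeout: timeoutMs || 10000, // only honoured for asynchronous requests
      // Headers are an array of {name, value} objects, not a plain map.
      headers: [{ name: "Accept", value: "application/json" }],
      onComplete: function () {
        // A regular function, not an arrow: "this" is the XMLHttpRequest.
        try {
          resolve(readJsonResponse(this, path));
        } catch (e) {
          reject(e);
        }
      },
      onError: function () {
        reject(new Error("REST call to " + path + " did not complete"));
      }
    });
  });
}
```

Rejecting on a non-2xx status keeps an error page or a permission failure from being handled as data by the caller.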
QRadar.fetch(path, options) ⇒
Uses the fetch API (or polyfilled alternative) to make an HTTP request, returning a promise.
Kind: static method of QRadar
Returns: Fetch promise that, when resolved, has executed the request
Param | Type | Description |
---|---|---|
path | String | The path to the endpoint. |
options | Object | Fetch options, defining method, headers etc. Includes a timeout. See https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch#Supplying_request_options |
[args.timeout] | Number | How long to wait before timing out the request, default 10000ms (10 seconds) |
[args.credentials] | String | CORS credentials type to use, default "same-origin" |
[args.headers] | Array | Headers included in the request, default ["Content-Type": "application/json"] |
QRadar.getCurrentUser() ⇒ Object
Returns information on the currently logged in QRadar user, including their name and role.
Kind: static method of QRadar
Returns: Object
- The currently logged in QRadar user.
WARNING: this function uses a synchronous JavaScript call.
QRadar.openOffense(offenseId, [openWindow])
Opens the details page of an offense, either in a new window or in the Offenses tab.
Kind: static method of QRadar
Throws:
- Error if offenseId is not supplied or if the offense could not be displayed.
Param | Type | Default | Description |
---|---|---|---|
offenseId | String \| Number | | The id of the offense to be viewed. |
[openWindow] | boolean | true | If true, open the result in a new window. Otherwise, open in the Offenses tab. |
QRadar.openAsset(assetId, [openWindow])
Opens the details page of an asset, either in a new window or in the Assets tab.
Kind: static method of QRadar
Throws:
- Error if assetId is not supplied or if the asset could not be displayed.
Param | Type | Default | Description |
---|---|---|---|
assetId | String \| Number | | The id of the asset to be viewed. |
[openWindow] | boolean | true | If true, open the result in a new window. Otherwise, open in the Assets tab. |
QRadar.openAssetForIpAddress(ipAddress, [openWindow])
Opens the details page of an asset for an IP address, either in a new window or in the Assets tab.
Kind: static method of QRadar
Throws:
- Error if ipAddress is not supplied or if the asset could not be displayed.
Param | Type | Default | Description |
---|---|---|---|
ipAddress | String | | The IP address of the asset to be viewed. |
[openWindow] | boolean | true | If true, open the result in a new window. Otherwise, open in the Assets tab. |
QRadar.openEventSearch(aql, [openWindow])
Runs an event search with the specified AQL string, either in a new window or the Event Viewer tab.
Kind: static method of QRadar
Throws:
- Error if aql is not supplied or if the search results could not be displayed.
Param | Type | Default | Description |
---|---|---|---|
aql | String | | The AQL search string to execute. |
[openWindow] | boolean | true | If true, open the search in a new window. Otherwise, open in the Event Viewer tab. |
QRadar.openFlowSearch(aql, [openWindow])
Runs a flow search with the specified AQL string, either in a new window or the Flow Viewer tab.
Kind: static method of QRadar
Throws:
- Error if aql is not supplied or if the search results could not be displayed.
Param | Type | Default | Description |
---|---|---|---|
aql | String | | The AQL search string to execute. |
[openWindow] | boolean | true | If true, open the search in a new window. Otherwise, open in the Flow Viewer tab. |
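An added example (not from the qappfw project) of building the AQL string for openEventSearch or openFlowSearch from an untrusted value: every variable part is checked against an allowlist before it is placed in the query. buildIpSearchAql and openIpSearch are hypothetical helper names; sourceip and destinationip are AQL field names.

```javascript
// Added example, not part of qappfw. `qradar` is the QRadar class documented
// here, passed in as an argument so the helpers can be exercised with a stub.

// Dotted-quad IPv4 only: four octets 0-255, no leading zeros, nothing else.
const IPV4 = /^(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}$/;

// Builds the AQL text. Every variable part is validated first, so a value
// such as "10.0.0.1' OR '1'='1" is rejected instead of reaching the query.
function buildIpSearchAql(table, ip, hours) {
  if (table !== "events" && table !== "flows") {
    throw new Error("table must be 'events' or 'flows'");
  }
  if (typeof ip !== "string" || !IPV4.test(ip)) {
    throw new Error("not a valid IPv4 address");
  }
  if (!Number.isInteger(hours) || hours < 1 || hours > 168) {
    throw new Error("hours must be an integer from 1 to 168");
  }
  return "SELECT * FROM " + table +
    " WHERE sourceip = '" + ip + "' OR destinationip = '" + ip + "'" +
    " LAST " + hours + " HOURS";
}

// Opens the matching viewer in a new window and returns the AQL that was run.
function openIpSearch(qradar, table, ip, hours) {
  const aql = buildIpSearchAql(table, ip, hours);
  if (table === "events") {
    qradar.openEventSearch(aql, true);
  } else {
    qradar.openFlowSearch(aql, true);
  }
  return aql;
}
```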
QRadar.getNamedService(services, serviceName, serviceVersion) ⇒ Object
Selects and returns a service from a list retrieved by a /gui_app_framework/named_services REST API call.
Kind: static method of QRadar
Returns: Object
- The service with the given name and version from the services list.
Throws:
- Error if the services list did not contain an entry with the given name and version.
Param | Type | Description |
---|---|---|
services | Array | The array returned by /gui_app_framework/named_services. |
serviceName | String | The name of the service to look for in services. |
serviceVersion | String | The version of the service to look for in services. |
QRadar.getNamedServiceEndpoint(service, endpointName) ⇒ Object
Selects and returns a service endpoint.
Kind: static method of QRadar
Returns: Object
- The service endpoint with the given name.
Throws:
- Error if the service object did not contain an endpoint with the given name.
Param | Type | Description |
---|---|---|
service | Object | A service object as returned by getNamedService. |
endpointName | String | The name of the endpoint to look for in the service object. |
QRadar.buildNamedServiceEndpointRestArgs(restArgs, endpoint, [parameterValues], [bodyValue]) ⇒ Object
Populates an arguments object to be used in a rest call to a named service endpoint.
Kind: static method of QRadar
Returns: Object
- restArgs populated with properties from endpoint, parameterValues and bodyValue.
Throws:
- Error if a parameterValue property was not supplied for each endpoint PATH parameter.
See: rest
Param | Type | Description |
---|---|---|
restArgs | Object | A possibly empty object which will be populated with arguments for a call to rest. The properties of restArgs which can be populated by this function are: httpMethod, path, body and contentType. All other properties must be populated by the caller. |
endpoint | Object | A service endpoint object as returned by getNamedServiceEndpoint. |
[parameterValues] | Object | Contains properties whose values will be used to populate the endpoint's PATH/QUERY/BODY parameters. |
[bodyValue] | Object | A complete body value to be supplied with a POST or PUT. |
QRadar.callNamedServiceEndpoint(serviceName, serviceVersion, endpointName, restArgs, [parameterValues], [bodyValue])
Makes a REST API call to a named service endpoint.
This is a wrapper function which calls the /gui_app_framework/named_services REST API, picks out the specified service endpoint, and invokes it using the supplied parameters/values.
Kind: static method of QRadar
Throws:
- Error if any wrapped function call fails.
Param | Type | Description |
---|---|---|
serviceName | String | See getNamedService serviceName. |
serviceVersion | String | See getNamedService serviceVersion. |
endpointName | String | See getNamedServiceEndpoint endpointName. |
restArgs | Object | See buildNamedServiceEndpointRestArgs restArgs. |
[parameterValues] | Object | See buildNamedServiceEndpointRestArgs parameterValues. |
[bodyValue] | Object | See buildNamedServiceEndpointRestArgs bodyValue. |