App Names, GUI Action Groups, and Page IDs

How To

Summary

App names, GUI action groups, and page IDs are identifiers that IBM® QRadar® uses for QRadar products, GUI actions, and UI pages

Steps

The following manifest blocks use these identifiers.

The groups field of the gui_actions block uses GUI action group identifiers to specify the toolbar or right-click menu where the GUI action is added:

"gui_actions": [
    {
        "id":"sampleToolbarButton",
        "text":"Sample Toolbar Button",
        "description":"Sample toolbar button that calls a REST method, passing an offense ID along",
        "icon":null,
        "rest_method":"sampleToolbarMethod",
        "javascript":"alert(result)",
        "groups":[ "OffenseListToolbar" ],
        "required_capabilities":[ "ADMIN" ]
    }
]

The app_name and page_id fields of the page_scripts block use the app name and page ID identifiers to specify the QRadar application tab and sub page into which the page script is added.

"page_scripts": [
    {
        "app_name":"SEM",
        " page_id":"OffenseList",
        "scripts":["/static/sampleScriptInclude.js"]
    }
],

Supported App Names

The following table shows a list of supported app names with descriptions.

Table 1. Supported app names

App Name	Description
assetprofile	Asset Profile (for example, Vulnerabilities: Manage Vulnerabilities, search)
Assets	Assets Manager
EventViewer	Event Viewer (for example, syslogdestination)
Forensics	Incident Forensics
QRadar	QRadar (for example, Reference Data)
QVM	QRadar Vulnerability Manager
Reports	Reports
Sem	Offense Management
SRM	QRadar Risk Manager
Surveillance	Network Surveillance (Flows)

Supported GUI Actions and Corresponding Page IDs

The following table describes the supported GUI Actions and corresponding page IDs.

Table 2. Supported GUI Actions and Page IDs

GUI Action group	App name	Page ID	Location
AssetDetailsToolbar	Assets	AssetDetailsVulnList	Assets - click on IP Address/ Vulnerabilities - Manage Vulnerabilities - By Asset - click on IP Address
AssetListToolbar	Assets	AssetList	Asset tab list
AssetOwnerToolbar	assetprofile	AssetOwner	Vulnerabilities tab - left panel - Vulnerability Assignment
AttackerList	SEM	OffenseSummary	Offense Tab - All Offenses - double-click offense row - right-click row in Top 5 Source IPs section
AttackerListSmallToolbar	SEM	OffenseAttackerList	Offenses tab - All Offenses - double-click offense row - click Sources button on Top 5 Source IPs toolbar
	NetworkAttackerList	Offenses tab - By Network - select row - click Sources button on toolbar to view List of Sources
	TargetAttackerList	Offenses tab - By Destination IP - select row, click Sources button on toolbar to view List of Sources
AttackerListToolbar	SEM	AttackerList	Offenses tab - By Source IP
ByAssetListFormToolbar	assetprofile	ByAssetListForm	Vulnerabilities tab - Manage vulnerabilities - by Asset
ByNetworkListToolbar	assetprofile	ByNetworkList	Vulnerabilities tab - Manage vulnerabilities - by Network
ByOpenServiceListToolbar	assetprofile	ByOpenServiceList	Vulnerabilities tab - Manage vulnerabilities - by Open Service
ByVulnerabilityInstanceListToolbar	assetprofile	ByVulnerabilityInstanceList	Vulnerabilities tab - Manage vulnerabilities - By vulnerability instance - main screen
ByVulnerabilityListToolbar	assetprofile	ByVulnerabilityList	Vulnerabilities tab - Manage vulnerabilities - By vulnerability
CategoryList	SEM	OffenseSummary	Offenses tab - All Offenses, - double-click row -Top 5 Categories table - right-click a row
CategoryListToolbar	SEM	OffenseCategoryList	Offenses Tab - All offenses - double-click row - click Display > Categories in toolbar - List of Event Categories table toolbar
DomainListToolbar	QRadar	DomainList	Admin tab - Domain Management
EventDetailsToolbar	Event Viewer	EventDetails	Log Activity tab - pause - click row - Events detail toolbar
ExceptionRulesListToolbar	assetprofile	ExceptionRulesList	Vulnerabilities tab - Vulnerability exception
FlowDetailsToolbar	Surveillance	FlowDetails	Network Activity - double-click on a flow.
FlowsourceListToolbar	Surveillance	FlowsourceList	Admin tab - Flow Sources
MyAssignedVulnerabilitiesListToolbar	assetprofile	MyAssignedVulnerabilitiesList	Vulnerability tab - My assigned vulnerabilities
NetworkHierarchyListToolbar	QRadar	NetworkHierarchyList	Admin tab - Network Hierarchy
NetworkListSmallToolbar	SEM	OffenseNetworkList	Offenses tab - All Offenses - double-click row - click Display in toolbar, Networks, Destination Networks table, toolbar, and right click
NetworkListToolbar	SEM	NetworkList	Offenses -By Network
NetworkSummaryToolbar	SEM	NetworkOffenseList	Offenses Tab - By Network - double-click an offense.
ObfuscationProfileContextMenu	QRadar	ObfuscationProfiles	Admin - Data Obfuscation Management
ObfuscationRightClick	QRadar		Deprecated
OffenseListSmallToolbar	SEM	AttackerOffenseList	Offenses - double-click a row in Offenses - double-click row in Top 5 SourceIPs - select a row and right click
	SEM	TargetOffenseList	Offenses - double-click a row in Offenses - double-click row in Top 5 SourceIPs - double-click a row - select a row and right click
OffenseListToolbar	SEM	OffenseList	Offenses tab main page
OffenseSummaryToolbar	SEM	OffenseSummary	Offenses tab, double-click Offense - toolbar
		OffenseDeviceList	Click Display > Log Sources
		OffenseUserList	Click Display > Users
		OffenseRuleList	Click Display > Rules
OffenseSummaryToolbar		OffenseAttackerList Added in QRadar V.7.3.0	Offenses tab, double-click Offense - on toolbar, Click Display > Sources
		OffenseCategoryList Added in QRadar V.7.3.0	Offenses tab, double-click Offense - on toolbar, Click Display > Categories
		OffenseNetworkList Added in QRadar V.7.3.0	Offenses tab, double-click Offense - on toolbar, Click Display > Networks
OffenseSummaryToolbar	SEM	OffenseAnnotationList Added in QRadar V.7.3.2	Click Display > Annotations
OffenseSummaryToolbar	SEM	OffenseTargetList Added in QRadar V.7.3.2	Click Display > Destinations
OffenseSummaryToolbar	SEM	NotesList Added in QRadar V.7.3.2	Click Display > Notes
ReferenceSetElemsContextMenu	QRadar	ReferenceSetElems	Admin tab- Reference Set Management - View a reference set - Content tab, right-click row
ReferenceSetElemsToolbar	QRadar	ReferenceSetElems	Admin tab- Reference Set Management - View a reference set - Content tab
ReferenceSetRulesContextMenu	QRadar	ReferenceSetRules	Admin tab - Reference Set Management - View a reference set - References tab, right-click row
ReferenceSetRulesToolbar	QRadar	ReferenceSetRules	Admin tab - Reference Set Management - View a reference set - References tab, click row, click toolbar button
ReferenceSetsContextMenu	QRadar	ReferenceSets	Admin tab - Reference Set Management - right-click a reference set.
ReferenceSetsToolbar	QRadar	ReferenceSets	Admin tab -Reference Set Management
ReportTemplateListToolbar	Reports	ReportTemplateListAll	Reports tab toolbar
ScanPolicyVulnerabilityListToolbar	assetprofile	ScanPolicyVulnerabilityList	Vulnerabilities tab - Left panel - Administrative - Scan Policies - Add - Scan Type Patch - Vulnerabilities Tab - Add. GUI action appears in toolbar
ScanResultsListToolbar	QVM	ScanResultsList	Vulnerabilities Tab - Scan Results
SensorDeviceListToolbar	EventViewer	SensorDeviceList	Admin tab - Log Sources
TargetList	SEM	OffenseSummary	Offenses tab - double-click offense, Top 5 Destination IPs table, right-click row.
TargetListToolbar	SEM	TargetList	Offenses tab - By Destination IP.
TargetSummaryToolbar	SEM	TargetOffenseList	Offenses tab - By Destination IP - double-click offense
TargetNotesList	Offenses tab - By Destination IP - double click offense - click Notes on toolbar
TargetAttackerList	Offenses tab - By Destination IP - double click offense - click Sources on toolbar
TenantListToolbar	QRadar	TenantList	Admin tab - Tenant Management
VaScannerSchedulesListToolbar	Assets	VaScannerSchedulesList	Admin tab - Schedule VA Scanners
VaScannersListToolbar	Assets	VaScannersList	Admin tab - VA Scanners
ViewNotesToolbar	SEM	OffenseSummary	Offenses tab - double-click Offense, Last 5 Notes table toolbar
ViewOffenseDevicesToolbar	SEM	OffenseSummary	Offenses tab - double-click Offense - Top 5 Log Sources table toolbar
ViewoffenseusersToolbar	SEM	OffenseSummary	Offenses tab - double-click Offense, Top 5 Users table toolbar
VulnerabilityManagementListPopup	assetprofile	ByAssetListForm, ByNetworkList, ByOpenServiceList, ByVulnerabilityList, MyAssignedVulnerabilitiesList, ByVulnerabilityInstanceList	Vulnerabilities tab - Manage Vulnerabilities- By Network - By Asset - By Vulnerability - By Open Service - My Assigned Vulnerabilities
arielListToolbar	Surveillance	FlowList	Network Activity tab
customEventListToolbar	EventViewer	EventList	Log Activity tab
ipPopup	Assets assetprofile assetprofile assetprofile assetprofile	AssetList MyAssignedVulnerabilitiesList ByVulnerabilityInstanceList ByAssetListForm ExceptionRulesList	Right-click IP address on Assets tab, Vulnerability tab - Manage Vulnerabilities - Vulnerability Exception
userNamePopup	Assets	AssetDetailsVulnList	For example, Assets Tab, click IP Address to View Asset Details, select a row in Vulnerabilities table, right-click Technical User, see right-click View Assets /View Events Also used in Offenses, Log Activity.

Deprecated GUI Actions

In QRadar V7.3.0 and later, the following GUI actions are deprecated:

OffenseList
NetworkList
HistoricalCorrelationToolbar
OffenseRuleList
OffenseDeviceList
OffenseUserList
NotesList
ByAssetListForm

Document Location

Worldwide

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwt3AAA","label":"QRadar Apps"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Tips

App Names, GUI Action Groups, and Page IDs

How To

Summary

Steps

Supported App Names

Supported GUI Actions and Corresponding Page IDs

Deprecated GUI Actions

Document Location

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?