How To
Summary
The key interface between lifecycle management of an app, during both its creation and running phases, is the QRadar GUI App Framework REST API endpoints.
Steps
It is best practice to set the version header explicitly to the version of the API you are developing with. If you do not set the version header you will fail app validation when you submit an app to IBM.
The following table describes the QRadar RESTful API endpoints:
Endpoint | Parameters | Description |
---|---|---|
GET /gui_app_framework/application_creation_task | Retrieves a list of status details for all asynchronous requests to create applications. | |
GET /gui_app_framework/application_creation_task/{application_id} | Application Instance ID | Retrieves status details for the asynchronous request to create the application with the specified id |
POST /gui_app_framework/application_creation_task | Application (.zip) bundle file | Creates an application within the application framework, and registers it with QRadar. The application is created asynchronously. A reference to the application instance id is returned and must be used in subsequent API calls to determine the status of the app installation. ( Note this endpoint creates both the instance and definition to maintain backwards compatibility in our APIs ) |
POST /gui_app_framework/application_creation_task/{application_id} | Application Instance ID, cancel status | Updates a new application installation within the application framework This is used to cancel the creation of an application by updating its status to CANCELLED |
GET /gui_app_framework/application_creation_task/{application_id}/auth | Application Instance ID | Retrieves an authorisation request for an application installation specifying which capabilities are being requested by the application. |
POST /gui_app_framework/application_creation_task/{application_id}/auth | Application Instance ID | Responds to an authorisation request for an application install. This is used to send a user id which has capabilities corresponding to those requested by the application so that an authorized service can be created with that user id and used by the application for background processing tasks. |
GET /gui_app_framework/application_definitions | Retrieves a list of application definitions that are installed on QRadar along with their manifest JSON structures and status | |
POST /gui_app_framework/application_definitions | Creates an application definition within the application framework and stores the docker image required to instantiate an instance of the application. A reference of the application definition id is returned and must be used in subsequent API calls to determine status of the definition creation. | |
GET /gui_app_framework/application_definitions/{application_definition_id} | Application Definition ID | Retrieves a specific application definition that is installed on QRadar along with its manifest JSON structure and status |
POST /gui_app_framework/application_definitions/{application_definition_id} | Application Definition ID | Updates a new application definition installation with the application framework. This is used to cancel the creation of the application definition by updating its status to CANCELLED |
PUT /gui_app_framework/application_definitions/{application_definition_id} | Application Definition ID | Upgrade an application definition (Note if the application definition has instances associated with it all of the instances will be upgraded to the new image specified by the definition ) |
DELETE /gui_app_framework/application_definitions/{application_definition_id} | Application Definition ID | Deletes an application definition and any associated instances |
GET - /gui_app_framework/application_definitions/{application_definition_id}/user_role_id | Application Definition ID | Retrieve all user roles associated with an application definition. (Note this will only show user roles adding using the POST endpoint below |
POST - /gui_app_framework/application_definitions/{application_definition_id}/user_role_id/{user_role_id} | Application Definition ID, User Role ID | Adds a user role to the list associated with an application definition |
DELETE - /gui_app_framework/application_definitions/{application_definition_id}/user_role_id/{user_role_id} | Application Definition ID, User Role ID | Removes a user role from the list associated with an application definition |
GET /gui_app_framework/applications | Retrieves a list of application instances that are installed on QRadar along with their manifest JSON structures and status. | |
POST /gui_app_framework/applications | Application Definition ID, Security Profile ID | Creates an application instance using the image corresponding to the application definition Id specified. The security profile Id controls who can view this instance of the application and only users that have this security profile Id associated with their user account will be able to view this application instance. A reference of the application instance id is returned and must be used in subsequent API calls to determine status of the instance creation. |
GET /gui_app_framework/applications/{application_id} | Application Instance ID | Retrieves a specific application instance that is installed on QRadar and its manifest JSON structure and status. |
POST /gui_app_framework/applications/{application_id} | Application Instance ID, start/stop status | Updates the status of an application instance. Starts or stops an application instance by setting status to RUNNING or STOPPED respectively. |
PUT /gui_app_framework/applications/{application_id} | Application Instance ID | Upgrade an application instance (Note if the associated application definition has other instances they will also be upgraded as a part of this operation) |
DELETE /gui_app_framework/applications/{application_id} | Application Instance ID | Deletes an application instance. |
GET /gui_app_framework/named_services | Retrieves a list of all named services registered with the Application Framework for the current user. Note if you have multiple instances this endpoint will show the named services for the user you made the GET request with. | |
GET /gui_app_framework/named_services/{uuid} | uuid | Retrieves a named service registered with the Application Framework by using the supplied uuid. |
Document Location
Worldwide
[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwt3AAA","label":"QRadar Apps"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]
Was this topic helpful?
Document Information
Modified date:
30 March 2021
UID
ibm16437511