IBM Support

QRadar: About applications, the application framework, and content extensions

Question & Answer


Question

What is the difference between the application framework, applications, and content extensions?

Answer

QRadar® applications are composed of three components:
 
  • Application Framework
  • Applications
  • Content extensions

Application Framework
The application framework is the engine that hosts applications in QRadar®. "Application framework" is a general term used by support to describe the microservices that allow applications to run within Docker containers on the Console, App Host, or QRadar Cloud Apps appliances. The application framework allows an administrator to extend the functionality of QRadar through hosted application modules that integrate with the existing QRadar user interface and expose new capabilities to it.

Applications
Applications are modules that add functionality to QRadar. Applications can define their own custom dashboard items, buttons, configuration pages, menu actions, and rules specific to the application, as well as other capabilities. Applications are isolated from the QRadar user interface runtime, and each one has its own dedicated memory allocation and a defined amount of CPU resources allocated to it.

All interaction with the application is proxied through the QRadar user interface. Direct access to network ports or web services is not normally permitted. Some applications are QRadar on Cloud Ready. In the application description, look under the Contents section for a "QRadar on Cloud" Ready value of yes.

To determine whether an application is QRadar on Cloud Ready:
  1. From the Dashboard, click the Shield icon.
  2. Click Applications.
  3. In Search, type the application to install.
  4. Select the application from the search result.
  5. Click See Full Description.

  6. In the Additional Information section, confirm the application is QRadar on Cloud Ready.


Content Extensions
Content extensions add new content such as rules, reports, searches, reference sets, and custom properties to QRadar. Content extensions run on the Console and do not need to run under the application framework. It is important to keep content extensions up to date. Content extension updates include updated rules, searches, and custom properties as well as feature and performance enhancements.


Document Information

Modified date:
18 May 2022

UID

ibm16198851