IBM Support

Adding Pulse Dashboards via a QRadar App

How To


Summary

Because Pulse is QRadar's new dashboarding platform, we suggest that third-party apps create dashboards in Pulse rather than in the Dashboard tab. There is no API for introducing a new dashboard, but there is a method that uses reference data to push the search and configuration of a new dashboard into Pulse.

Steps

How to push one or more dashboards into a reference table named: pulse_imports

  1. Create one or more dashboards that you want to add to a QRadar content extension. Export them in Pulse → Export and place all the JSON files under a common directory, for example a dashboards directory on your local computer. The path to this directory is needed for the putrefdata.py script. The dashboard "Set As Default" setting is not ignored when these dashboards are extracted from the content extension.
  2. Make sure that the pulse_imports reference table on the QRadar console host is empty, or use the -c option when running the Python script. Either of the following methods can be used to confirm that the pulse_imports reference table is clear:
    1. SSH into the QRadar console, run the following command: /opt/qradar/bin/ReferenceDataUtil.sh list pulse_imports and verify that Failed to locate Reference Data Collection with name pulse_imports is returned.
    2. Go to the REST API page https://<console_address>/api_doc, run GET - /reference_data/tables and verify that [] is returned.
  3. Get the putrefdata.py (and its dependencies) from this package. Follow the instructions from the README.md (you must have already logged in to the QRadar console with a user that has admin user role).
  4. Run the command from a command prompt (Windows):
    putrefdata.py -u admin -d <locationOfOneOrMoreDashboards> [-q <console_address>] [-p <console_password>]
    The -c option of the script clears the pulse_imports reference table before inserting the new dashboards into the reference table. To verify that the dashboard was properly inserted into the reference data table, use: /opt/qradar/bin/ReferenceDataUtil.sh list pulse_imports

    [root@vmibm7001 ~]# /opt/qradar/bin/ReferenceDataUtil.sh list pulse_imports
    Arg: list
    Arg: pulse_imports
    ReferenceDataCacheMapOfMaps{id=23, namespace=Shared, name=pulse_imports, collectionType=MAPOFMAPS, elementType=ALN, createdTime=2018-09-12 17:09:06, timeoutType=UNKNOWN, onElementExpiry=LOG_EACH}

     
  5. Add the reference table to the content to export. The referencedata content-type should be used when running the contentManagement.pl command-line export or in the file containing all the content to be exported. For example, if you needed to export only the pulse content then the command is:
    /opt/qradar/bin/contentManagement.pl --action export --content-type referencedata --regex "pulse_imports" --include-reference-data-elements
  6. Export content and publish to App Exchange. Make sure to add information in the description saying the content extension contains Pulse Dashboard(s), since this will not be obvious from the content summary. Also, ensure you add instructions on how to import your dashboards into Pulse in your extension documentation (see below).

Importing

  • Content extensions are uploaded from Admin -> Extension Management by a user with admin user role.
  • The admin user can decide to synchronize the templates or not. To synchronize, go to the Admin -> Pulse -> Pulse - Dashboard to synchronize with the latest templates found in the pulse_imports reference table. Here the admin is presented with a list of new, existing, or updated dashboards. Select Synchronize to update the Pulse dashboard templates.
  • Non-admin users must go to the Pulse tab and Switch to Dashboard -> New Dashboard -> Templates to add or update these templates in their local dashboard workspace. They can select the dashboards they want to add or update.

Updating an existing content extension

  • Pulse uses UUIDs to uniquely identify its dashboards and dashboard items. When updating a dashboard that was previously a part of a published content extension, make sure the UUID of the dashboard is the same in both content extensions (original and updated version).
  • When a user uploads the updated version of the content extension and has selected the "Replace existing items" at installation time, Pulse will detect this as an update.
  • When the admin user goes to the Admin → Pulse Dashboard icon and selects it, the Pulse dashboard template now appears as an update. 
  • When a user then goes to the Pulse Switch to Dashboard → New Dashboard → Templates dialog, the newly imported dashboard template shows an update. When the update button is selected, users have the following options: "Create Copy", "Overwrite", or "Cancel". If "Create Copy" is selected, a new dashboard is created for that user. The original name is appended with a timestamp. If "Overwrite" is selected, the original dashboard is overwritten.
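
A pre-publish check for the UUID requirement above, as an added example (not IBM's code and not part of the putrefdata.py package): it compares the exported JSON files of the original and updated extension and reports any UUID that disappeared. It assumes nothing about the Pulse export schema and treats every UUID-shaped string as an identifier, so a deliberately removed dashboard item is also reported; the file names, keys and UUIDs in demo() are constructed.

```python
import json
import re
import tempfile
from pathlib import Path

UUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)

def collect_uuids(node):
    """Gather every UUID-shaped string value anywhere in parsed JSON."""
    if isinstance(node, dict):
        node = list(node.values())
    if isinstance(node, list):
        return set().union(*map(collect_uuids, node))
    if isinstance(node, str) and UUID_RE.fullmatch(node):
        return {node.lower()}
    return set()

def load_dir(directory):
    """Map file name -> set of UUIDs, or None when the file is not valid JSON."""
    out = {}
    for path in sorted(Path(directory).glob("*.json")):
        try:
            out[path.name] = collect_uuids(json.loads(path.read_text(encoding="utf-8")))
        except ValueError:  # JSONDecodeError and UnicodeDecodeError derive from it
            out[path.name] = None
    return out

def check_update(original_dir, updated_dir):
    """Status per updated export: ok, invalid-json, not-in-original, or lost UUIDs."""
    old, report = load_dir(original_dir), {}
    for name, ids in load_dir(updated_dir).items():
        if ids is None:
            report[name] = "invalid-json"
        elif not old.get(name):  # no usable original export under this name
            report[name] = "not-in-original"
        else:
            lost = sorted(old[name] - ids)
            report[name] = "lost: " + ", ".join(lost) if lost else "ok"
    return report

def demo():
    """Constructed sample exports; the keys are illustrative, not the Pulse schema."""
    a, b = "11111111-1111-4111-8111-111111111111", "22222222-2222-4222-8222-222222222222"
    c, d = "33333333-3333-4333-8333-333333333333", "44444444-4444-4444-8444-444444444444"
    with tempfile.TemporaryDirectory() as tmp:
        v1, v2 = Path(tmp, "v1"), Path(tmp, "v2")
        v1.mkdir(); v2.mkdir()
        (v1 / "network.json").write_text(json.dumps({"id": a, "items": [{"id": b}]}))
        (v2 / "network.json").write_text(json.dumps({"id": a, "items": [{"id": b}, {"id": c}]}))
        (v1 / "auth.json").write_text(json.dumps({"id": d}))
        (v2 / "auth.json").write_text(json.dumps({"id": c}))  # re-created: new UUID
        (v2 / "broken.json").write_text("{not json")
        return check_update(v1, v2)
```

A "lost" entry means the updated export no longer carries an identifier that the original had, which is the case the first bullet of this section says to avoid for the dashboard's own UUID.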

Document Location

Worldwide


Document Information

Modified date:
02 March 2023

UID

ibm16409530