Third party check engine under the right-click menu
Today we’d like to share how you can easily add an extra plugin to your QRadar. This can be useful when you want to do deep investigations in a easy way, just using the right-click function. As an example, let’s add IPVOID (http://www.ipvoid.com/) to check source/destination IPs which can be found in a QRadar event.
In order to achieve it, follow below steps:
1. Open a SSH session to your QRadar main console.
2. Make a copy of the ip_context_menu.xml template to the QRadar config folder:
[root@my_radar]# cp /opt/qradar/conf/templates/ip_context_menu.xml /opt/qradar/conf/
3. Add your “new third party search engine” by editing the ip_context_menu.xml file:
[root@my_radar]# vim /opt/qradar/conf/ip_context_menu.xml
3. Add the following line in the ip_context_menu.xml file. You can change the parameters according with your plugin:
<menuEntry name=”IPVOID Check” url=”http://www.ipvoid.com/scan/%IP%/” />
4. Restart the tomcat service
[root@my_radar]#service tomcat restart
5. Done! Now you can use your plugin. It will appear under the right click, More Options->Plugins->IPVOID Check.
This entry was posted in Administration, Integrations, Tunning and tagged Add-Ons, Customization, Plugins, Right-Click Menu.