Customization

Third party check engine under the right-click menu

Posted on

Today we’d like to share how you can easily add an extra plugin to your QRadar. This can be useful when you want to do deep investigations in a easy way, just using the right-click function. As an example, let’s add IPVOID (http://www.ipvoid.com/) to check source/destination IPs which can be found in a QRadar event.

 

In order to achieve it, follow below steps:

1. Open a SSH session to your QRadar main console.

2. Make a copy of the ip_context_menu.xml template to the QRadar config folder:
[root@my_radar]# cp /opt/qradar/conf/templates/ip_context_menu.xml /opt/qradar/conf/

3. Add your “new third party search engine” by editing the ip_context_menu.xml file:
[root@my_radar]# vim /opt/qradar/conf/ip_context_menu.xml

3. Add the following line in the ip_context_menu.xml file. You can change the parameters according with your plugin:
<contextMenu>
<menuEntry name=”IPVOID Check” url=”http://www.ipvoid.com/scan/%IP%/&#8221; />
</contextMenu>

4. Restart the tomcat service
[root@my_radar]#service tomcat restart

5. Done! Now you can use your plugin. It will appear under the right click, More Options->Plugins->IPVOID Check.

 

Advertisements