Qradar

Unofficial third-party scripts, playbooks, and content for IBM QRadar & QRadar Community Edition.

Install / Use

/learn @josh-morin/Qradar


Custom Action Scripts

Short Message Service

sms.sh

Send text messages from QRadar "Custom Actions" using the Twilio API from a Bash script.

Setup

  1. Create an account at http://www.twilio.com
  2. Retrieve the phone number, ID, and token generated under your dashboard
  3. Set the phone number, ID, and token in the script
  4. Call the script from QRadar; see QRadar Setup below

QRadar Setup

  1. Go to Admin tab and select Define Actions under Custom Actions
  2. Select Add from top menu options
  3. Provide the following:
    • Name
    • Description
    • Interpreter: Bash
    • Upload SMS Bash/Curl script
    • Parameter Name
    • Fix Property Value
  4. Click Add
  5. Click Save
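
The setup steps above place the Twilio ID and token inside the script that is uploaded to QRadar. As an added example (not the repository's sms.sh), the variant below reads them from an owner-only file and validates both parameters before calling the Twilio Messages endpoint. The file path, the `TWILIO_*` variable names and the parameter order are assumptions, and the file must be readable by the account that runs the custom action.

```shell
#!/bin/sh
# Added example, not the repository's sms.sh. Assumed: the env-file path and
# its variable names, and the argument order ($1 = recipient, $2 = text).
ENV_FILE="${TWILIO_ENV_FILE:-/path/to/twilio.env}"   # placeholder path

# Accept only E.164-style numbers: "+", no leading zero, 8 to 15 digits.
valid_e164() {
    case "$1" in
        +[1-9]*) digits=${1#+} ;;
        *) return 1 ;;
    esac
    case "$digits" in *[!0-9]*) return 1 ;; esac
    [ "${#digits}" -ge 8 ] && [ "${#digits}" -le 15 ]
}

# Event properties can carry attacker-chosen text: drop control characters
# (newlines and escape sequences included) and cap the length at 160.
clean_body() {
    printf '%s' "$1" | LC_ALL=C tr -d '\000-\037\177' | cut -c1-160
}

# True only for a regular file whose mode grants nothing to group or others.
env_file_private() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        -r[-w]-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# curl reads this from stdin (-K -), keeping the SID and token out of the
# process arguments that `curl -u SID:TOKEN` would put them in.
curl_config() {
    printf 'user = "%s:%s"\n' "$TWILIO_SID" "$TWILIO_TOKEN"
    printf 'url = "https://api.twilio.com/2010-04-01/Accounts/%s/Messages.json"\n' "$TWILIO_SID"
}

send_sms() {
    valid_e164 "$1" || { echo "recipient rejected" >&2; return 2; }
    env_file_private "$ENV_FILE" || { echo "$ENV_FILE missing or too open" >&2; return 3; }
    . "$ENV_FILE"   # defines TWILIO_SID, TWILIO_TOKEN and TWILIO_FROM
    curl_config | curl --silent --show-error --fail -K - \
        --data-urlencode "To=$1" \
        --data-urlencode "From=$TWILIO_FROM" \
        --data-urlencode "Body=$(clean_body "$2")"
}

# Runs only when QRadar passes both parameters.
if [ "$#" -ge 2 ]; then send_sms "$1" "$2"; fi
```

The mode check does not verify who owns the file, so place it where only the intended account can write.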

Custom Configurations

arielRightClick.properties

To add these entries to the Ariel right-click menu, copy this file into /opt/qradar/conf and restart Tomcat.

The following options are included:

  • Bluecoat
  • Cisco Talos
  • DomainTools
  • Google Cached View
  • LOLBAS
  • Maclookup
  • Robtex
  • SpeedGuide
  • ThreatCrowd
  • URLVoid
  • Userstack
  • VeriSign

ip_context_menu.xml

To add these entries to the right-click menu, copy this file into /opt/qradar/conf and restart Tomcat.

The following options are included:

  • Nmap
  • Ping
  • Traceroute
  • X-Force Exchange
  • AbuseIPDB
  • AlienVault OTX
  • Censys
  • Cisco Talos
  • DNSlytics
  • DShield
  • Google Safe Browsing
  • GreyNoise
  • IPVoid
  • MxToolBox Blacklist
  • Project Honey Pot
  • Robtex
  • Shodan
  • Spamhaus Reputation Checker
  • ThreatCrowd
  • ThreatMiner
  • VirusTotal

network_hierarchy.json

This is a starter template for the Network Hierarchy. It includes "Address-Methods", which contains loopback, multicast, and unicast addresses for IPv4 and IPv6, and otherwise only the default "Net-10-172-192". Always remember to add geo coordinates.

Remote Automation

qradar_check.py

Gathers information and presents an HTML status report about your QRadar deployment.

Resources

Resources & Content by IBM

Unofficial Resources

Disclaimer

All content is without warranty of any kind. Use at your own risk. I assume no liability for the accuracy, correctness, completeness, usefulness, or any damages.

IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies.

GitHub Stars: 87
Category: Content
Updated: 3mo ago
Forks: 21

Languages

Python

Security Score

97/100

Audited on Dec 17, 2025

No findings