This repository contains samples of visualization add-ons to QRadar, utilizing public REST APIs.

These samples are provided for reference purposes on an "as is" basis, and are without warranties of any kind.

Any issues discovered using the samples should not be directed to QRadar support, but be reported on the Github issues tracker.

A stand alone visualization that displays incidents from QRadar. Incidents are represented based on magnitude and linked via IP addresses. Details (including geographic map and IP relationship chart) of the offense are available by clicking on an incident. Originally shown at RSA 2015 and Blackhat 2015.

A visualization that runs in a web browser, showing an interactive bubble chart of offenses

Ability to execute an advanced query directly from excel and have the results come back into excel