App Submission form changes that enhance the app validation process
Context: Improving the QRadar App Ecosystem
The QRadar App & Integration Ecosystem is one of the strongest collaboration platforms in the SIEM industry. Through the IBM App Exchange, security teams, partners, and developers can create and share ready-to-use apps that extend QRadar with new dashboards, integrations, and workflows.
To keep this ecosystem strong and reliable, IBM is introducing updates to the app validation workflow. These changes help ensure apps meet higher quality, security, and support standards before they are published.
Introduction
As part of the improvements to the app validation process, we have updated the Testing Information section of the App Validation submission form. Several new fields have been added to capture evidence of functional testing, along with basic testing. Submitters are now responsible for providing this evidence during app submission; the App Validation team will review it and will not perform any functional testing itself.
New Fields and Overview
These new fields allow submitters to provide detailed information, screenshots, and videos demonstrating that the app has been tested in their environment. This approach helps eliminate duplicate efforts by the validation team, ensures proper documentation of testing, and accelerates the app validation process.
1. App Installation and Configuration
- Purpose: To confirm that the app has been properly installed and configured in the submitter’s environment.
- Overview: Submitters must verify that the app installs and configures correctly without errors before submission.
- Question: Have you tested the installation and configuration process?
- Options: Yes / No
2. Basic Testing
- Purpose: To ensure that fundamental app functionality has been tested by the submitter.
- Overview: Submitters are requested to share their basic testing results, including screenshots or videos where necessary, to demonstrate that the app behaves as expected.
3. Test Cases
- Purpose: To standardize the testing evidence provided and ensure coverage of essential functionality.
- Overview: Submitters must complete a table of test cases, indicating whether each test passed or failed, optionally adding comments and attaching supporting evidence.
- Table Columns:
  - Testcase – Description of the test
  - Result – Pass / Fail
  - Comments – Optional notes for additional context
  - Evidence – Screenshots or videos demonstrating test execution
Key Test Cases Include:
1. Version Verification: Ensure the version field in the App Validation Portal matches the version in the app's manifest.txt and manifest.json.
2. Pre-Validation Report: Verify that the pre-validation report has passed.
3. Fresh Install/Uninstall: Confirm that the app installs and uninstalls correctly without errors.
4. App Update: Verify that updating the app works smoothly and without issues.
5. Display Verification: Confirm the app is visible in both the side menu and Admin tab. If not applicable, select the N/A option.
6. Basic Functionality: Ensure the app does not generate 404 errors or Null Pointer exceptions during normal operation. If not applicable, select the N/A option.
7. Event Parsing: Verify that events are coming in correctly and parsing works as expected.
8. Developer Certificates: Confirm that developer certificates are present and properly signed.
9. QRadar Version Compatibility: Verify that the app works on the targeted QRadar version(s) listed in the manifest file.
4. Feature Testing (Optional)
- Purpose: To provide additional evidence of advanced feature testing beyond basic functionality.
- Overview: Submitters can attach logs, screenshots, or videos showing that specific app features have been tested successfully.
5. Security Testing (Optional)
- Purpose: To confirm that the app has undergone security testing.
- Question: Have you performed security testing (e.g., vulnerability scanning, penetration testing)?
- Options: Yes / No
- Overview: While optional, providing this information helps the validation team ensure the app meets security standards.
6. QRadar Versions
- Purpose: To confirm compatibility across QRadar versions.
- Overview: Submitters should specify the major and minor versions of QRadar on which the app was tested (e.g., 7.5.x UP8, 7.5.x UP9). Testing on the current and previous versions (n and n-1) is recommended.
7. Payload (Optional)
- Purpose: To provide testing data used during app validation.
- Overview: Submitters can attach the payload used to test the app, helping the validation team understand test conditions and reproduce scenarios if needed.
8. Final Confirmation
- Purpose: To formally declare that the app is ready for submission.
- Overview: Submitters must confirm that:
  - The app has been fully tested in their environment.
  - The app complies with all IBM QRadar App Exchange guidelines and policies.
  - They accept responsibility for the provided testing information.
- Action: Accept declaration to complete submission.
Summary
The App Validation submission form now includes new Testing Information fields that require developers to provide evidence of their own app testing. This shifts functional testing to the submitter and speeds up the validation process.
Submitters must verify installation, configuration, basic functionality, version compatibility, and certificate checks, and provide screenshots or videos through structured test cases. Optional fields allow sharing feature testing, security testing, payloads, and QRadar versions used.
Before submitting, developers must confirm that the app is fully tested, meets QRadar App Exchange guidelines, and that all provided information is accurate. This ensures better documentation, reduces duplicate efforts, and improves overall validation efficiency.
Related Blogs
· QRadar App Validation Guide: How to Get Your App Approved Faster - https://community.ibm.com/community/user/blogs/pratik-surela/2025/10/08/qradar-app-validation-guide-how-to-get-your-app-ap
· Building QRadar Apps: Everything You Should Know About manifest.txt - https://community.ibm.com/community/user/blogs/pratik-surela/2025/10/08/everything-you-need-to-know-about-manifesttxt-in-q
Written by: Pratik Surela (@Pratik Surela)
Reviewed by: Ashish Kothekar (@ASHISH KOTHEKAR)
For any queries, feel free to reach out to us at pratik.surela@ibm.com or ashish.kothekar@in.ibm.com