# IBM QRadar ## Connection Requirements {% stepper %} {% step %} ### IP IP address of the IBM QRadar host. {% endstep %} {% step %} ### Port Port number (optional, default: 443). {% endstep %} {% step %} ### SEC Token * On the Admin tab, click Authorized Services in the User Management section. * In the Authorized Services window, click Add Authorized Service. * Add the relevant information in the following fields and click Create Service: * In the Service Name field, type a name for this authorized service. * From the User Role list, select the user role that you want to use. * From the Security Profile list, select the security profile that you want to assign to this authorized service. * In the Expiry Date list, type or select a date that you want this service to expire. If an expiry date is not necessary, select No Expiry. * Click Create Service. {% hint style="info" %} 🔵 Note\ To authenticate as an authorized service, you create an authentication token that uses authorized services. IBM QRadar authorized services have roles and security profiles assigned that control access to the various API resources. {% endhint %} {% endstep %} {% step %} ### SSL Use SSL for connection (optional, default: Encrypted). {% endstep %} {% step %} ### Use raw name data as hostname This option will fetch the "Name" field as-is without any additional processing. Turning this option on might increase your total device count and is turned off by default. {% endstep %} {% step %} ### Get only online machines When enabled, this option filters results to include only machines that are currently online. By default, this option is disabled. {% endstep %} {% step %} ### Separator To accurately extract hostnames in IBM QRadar, it's important to define a pattern. This helps OctoXLabs handle various naming conventions. You can specify the hostname field using separators. If multiple scenarios apply, the separator patterns can be divided with a comma (","). Examples: * For "hostname @ some data": `{{ hostname }} @` * For "windows --- hostname --- logs": `---{{ hostname }}---` By default, it is set to `hostname @`. {% endstep %} {% step %} ### Fetch Size Specify the fetch size for queries (controls how many items are returned per request). {% endstep %} {% endstepper %} {% hint style="warning" %} ⚠️ Attention\ Please perform a **connection test** to ensure there is a valid connection to the host.\ When the discovery operation is finalized, you will be able to see the details on the **Assets** page. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.octoxlabs.com/adapters/adapters/ibm-qradar.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.