IBM QRadar

Connection Requirements

1 - IP

IP address of the IBM QRadar host.

2 - Port

Port number (optional, default: 443 ).

3 - SEC Token

  1. 1.
    On the Admin tab, click Authorized Services in the User Management section.
  2. 2.
    In the Authorized Services window, click Add Authorized Service.
  3. 3.
    Add the relevant information in the following fields and click Create Service:
    • In the Service Name field, type a name for this authorized service
    • From the User Role list, select the user role that you want to use.
    • From the Security Profile list, select the security profile that you want to assign to this authorized service. The security profile determines the networks and log sources that this service can access on the QRadar user interface.
    • In the Expiry Date list, type or select a date that you want this service to expire. If an expiry date is not necessary, select No Expiry.
    • Click Create Service.
  4. 4.
    Click the row that contains the service you created, select and copy the token string from the Selected Token field in the menu bar, and close the Manage Authorized Services window.
  5. 5.
    On the Admin tab, click Deploy Changes.
  6. 6.
    In the Operations section of the Admin page, click QRadar Operations.
  7. 7.
    Paste the authorized service token string into the SEC Token field and click Save.
Note: To authenticate as an authorized service, you create an authentication token that uses authorized services. IBM QRadar authorized services have roles and security profiles assigned that control access to the various API resources.

4 - SSL

Use SSL for connection (optional, default: Encrypted)

5 - Separator

Header of your IBM QRadar separator if your log source > name field have a separator (optional, default: @).
Please fill in this field as "hostname @" if your hostname is to the left side of this separator, "@ hostname" if it is to the right side.
Attention
Please perform a connection test to ensure there is a valid connection to the IBM QRadar host. When the discovery operation finalized you will be able to see the details on Assets page.