IBM QRadar

IP

IP address of the IBM QRadar host.

Port

Port number (optional, default: 443).

SEC Token

• On the Admin tab, click Authorized Services in the User Management section.

• In the Authorized Services window, click Add Authorized Service.

• Add the relevant information in the following fields and click Create Service:

  • In the Service Name field, type a name for this authorized service.

  • From the User Role list, select the user role that you want to use.

  • From the Security Profile list, select the security profile that you want to assign to this authorized service.

  • In the Expiry Date list, type or select a date that you want this service to expire. If an expiry date is not necessary, select No Expiry.

  • Click Create Service.

SSL

Use SSL for connection (optional, default: Encrypted).

Use raw name data as hostname

This option will fetch the "Name" field as-is without any additional processing. Turning this option on might increase your total device count and is turned off by default.

Get only online machines

When enabled, this option filters results to include only machines that are currently online. By default, this option is disabled.

Separator

To accurately extract hostnames in IBM QRadar, it's important to define a pattern. This helps OctoXLabs handle various naming conventions. You can specify the hostname field using separators. If multiple scenarios apply, the separator patterns can be divided with a comma (",").

Examples:

• For "hostname @ some data": {{ hostname }} @

• For "windows --- hostname --- logs": ---{{ hostname }}---

By default, it is set to hostname @.

Fetch Size

Specify the fetch size for queries (controls how many items are returned per request).