Creating a QRadar connection

To create the connection you need:
  • A SEC token
  • An API address

Obtaining the credentials

  1. In the QRadar dashboard, click Main Menu > Admin.
  2. In the User Management section, select Authorized Services.
  3. In the Authorized Services window, click Add Authorized Service.
  4. Fill in the relevant parameters:
    ParameterDescription
    Service nameName of the authorized service (max 255 characters.
    User roleSelect a user role (All or Admin are recommended).
    Security profileSelect a security profile. The security profile determines the networks and log sources that this service can access on the QRadar user interface.
    Expiry dateType or select a date that you want this service to expire. If an expiry date is not necessary, select No Expiry.
  5. Click Create Service.
  6. Click the row that contains the service you created, select and copy the token string from the Selected Token field in the menu bar. Close the Manage Authorized Services window.
  7. On the Admin tab, click Deploy Changes.

Creating your connection

  1. In the Blink platform, navigate to the Connections page > Add connection. A New Connection dialog box opens displaying icons of external service providers available.
  2. Select the QRadar icon. A dialog box with name of the connection and connection methods appears.
  3. (Optional) Edit the name of the connection. At a later stage you cannot edit the name.
  4. Select SEC Token as the method to create the connection.
  5. Fill in the parameters:
    • The API address
    • The SEC token
  6. (Optional) Click Test Connection to test it.
  7. Click Create connection. The new connection appears on the Connections page.