QRadar
QRadar is a network security management platform that provides situational awareness and compliance support. QRadar uses a combination of flow-based network knowledge, security event correlation, and asset-based vulnerability assessment.
Creating a QRadar connection
To create the connection you need:
- A SEC token
- An API address
Obtaining the credentials
In the QRadar dashboard, click Main Menu > Admin.
In the User Management section, select Authorized Services.
In the Authorized Services window, click Add Authorized Service.
Fill in the relevant parameters:
| Parameter | Description |
| --- | --- |
| Service name | Name of the authorized service (max 255 characters). |
| User role | Select a user role (All or Admin are recommended). |
| Security profile | Select a security profile. The security profile determines the networks and log sources that this service can access on the QRadar user interface. |
| Expiry date | Type or select a date that you want this service to expire. If an expiry date is not necessary, select No Expiry. |

Click Create Service.
Click the row that contains the service you created, then select and copy the token string from the Selected Token field in the menu bar. Close the Manage Authorized Services window.
On the Admin tab, click Deploy Changes.
Creating your connection
- In the Blink platform, navigate to the Connections page > Add connection. A New Connection dialog box opens, displaying icons of the available external service providers.
- Select the QRadar icon. A dialog box with the name of the connection and the connection methods appears.
- (Optional) Edit the name of the connection. At a later stage you cannot edit the name.
- Select SEC Token as the method to create the connection.
- Fill in the parameters:
- The API address
- The SEC token
- (Optional) Click Test Connection to test it.
- Click Create connection. The new connection appears on the Connections page.
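
To check the SEC token and API address outside the Blink UI, the following added example (not Blink or QRadar code) builds the same kind of authenticated request and interprets the response. The `/api/system/about` endpoint, the status-code meanings, and the host and token values are assumptions made for illustration.

```python
import ssl
import urllib.error
import urllib.parse
import urllib.request

# Assumption: a read-only endpoint used only to prove the token is accepted.
ABOUT_PATH = "/api/system/about"

# Assumed meanings, tied to the setup steps above.
STATUS_HINTS = {
    200: "token accepted",
    401: "token rejected: mistyped, expired, or Deploy Changes not yet run",
    403: "token accepted, but its user role or security profile denies this call",
}


def build_request(api_address, sec_token):
    """Build (but do not send) a GET request authenticated with the SEC header."""
    url = urllib.parse.urlsplit(api_address.strip())
    if url.scheme != "https" or not url.hostname:
        # Refuse cleartext so the token is never sent unencrypted.
        raise ValueError("API address must be an https:// URL")
    if not sec_token or any(ch.isspace() for ch in sec_token):
        raise ValueError("SEC token is empty or contains whitespace")
    return urllib.request.Request(
        f"https://{url.netloc}{ABOUT_PATH}",
        headers={"SEC": sec_token, "Accept": "application/json"},
        method="GET",
    )


def explain_status(status):
    return STATUS_HINTS.get(status, f"unexpected HTTP status {status}")


def check_connection(api_address, sec_token, timeout=10):
    """Send the request with certificate verification on; return (status, hint)."""
    request = build_request(api_address, sec_token)
    context = ssl.create_default_context()  # verifies the console's certificate
    try:
        with urllib.request.urlopen(request, timeout=timeout, context=context) as resp:
            return resp.status, explain_status(resp.status)
    except urllib.error.HTTPError as err:
        return err.code, explain_status(err.code)


if __name__ == "__main__":
    # Constructed placeholder values; nothing is sent over the network here.
    demo = build_request("https://qradar.example.com", "00000000-0000-0000-0000-000000000000")
    print(demo.get_method(), demo.full_url)
```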