QRadar
QRadar is a network security management platform that provides situational awareness and compliance support. QRadar uses a combination of flow-based network knowledge, security event correlation, and asset-based vulnerability assessment.
Creating a QRadar connection
To create the connection you need:
- A SEC token
- An API address
Obtaining the credentials
-
In the QRadar dashboard, click Main Menu > Admin.
-
In the User Management section, select Authorized Services.
-
In the Authorized Services window, click Add Authorized Service.
-
Fill in the relevant parameters:
Parameter Description Service name Name of the authorized service (max 255 characters. User role Select a user role (All or Admin are recommended). Security profile Select a security profile. The security profile determines the networks and log sources that this service can access on the QRadar user interface. Expiry date Type or select a date that you want this service to expire. If an expiry date is not necessary, select No Expiry. -
Click Create Service.
-
Click the row that contains the service you created, select and copy the token string from the Selected Token field in the menu bar. Close the Manage Authorized Services window.
-
On the Admin tab, click Deploy Changes.
Creating your connection
-
In the Blink platform, navigate to the Connections page > Add connection. A New Connection dialog box opens displaying icons of external service providers available.
-
Select the QRadar icon. A dialog box with name of the connection and connection methods appears.
-
(Optional) Edit the name of the connection. At a later stage you cannot edit the name.
-
Select SEC Token as the method to create the connection.
-
Fill in the parameters:
- The API address
- The SEC token
-
(Optional) Click Test Connection to test it.
-
Click Create connection. The new connection appears on the Connections page.