QRadar
QRadar
QRadar is a network security management platform that provides situational awareness and compliance support. QRadar uses a combination of flow-based network knowledge, security event correlation, and asset-based vulnerability assessment.
Creating a QRadar connection
To create the connection you need:- A SEC token
- An API address
Obtaining the credentials
- In the QRadar dashboard, click Main Menu > Admin.
- In the User Management section, select Authorized Services.
- In the Authorized Services window, click Add Authorized Service.
-
Fill in the relevant parameters:
Parameter Description Service name Name of the authorized service (max 255 characters. User role Select a user role (All or Admin are recommended). Security profile Select a security profile. The security profile determines the networks and log sources that this service can access on the QRadar user interface. Expiry date Type or select a date that you want this service to expire. If an expiry date is not necessary, select No Expiry. - Click Create Service.
- Click the row that contains the service you created, select and copy the token string from the Selected Token field in the menu bar. Close the Manage Authorized Services window.
- On the Admin tab, click Deploy Changes.
Creating your connection
- In the Blink platform, navigate to the Connections page > Add connection. A New Connection dialog box opens displaying icons of external service providers available.
- Select the QRadar icon. A dialog box with name of the connection and connection methods appears.
- (Optional) Edit the name of the connection. At a later stage you cannot edit the name.
- Select SEC Token as the method to create the connection.
-
Fill in the parameters:
- The API address
- The SEC token
- (Optional) Click Test Connection to test it.
- Click Create connection. The new connection appears on the Connections page.