Submitting X-Force Exchange credentials

To submit offenses for analysis to Watson from the QRadar® Advisor with Watson app, you must configure and enter your IBM® X-Force® Exchange credentials.

Before you begin

You must have QRadar administrator privileges to submit an authorization key.

Note: Because QRadar Advisor with Watson does not use the X-Force Premium QRadar rules, you do not need to enable the X-Force rules. QRadar uses only the advanced search functions that the X-Force Premium feed creates.

About this task

QRadar Advisor with Watson does not require you to install a license key. As an entitled user, you must configure your X-Force Exchange authorization key. You should use one API key and password for each environment you are running QRadar Advisor with Watson.

By connecting to the X-Force Exchange, you can send offenses for further analysis and enhancement by Watson. The authorization key that you submit must be for a user that is authorized to use the X-Force Exchange.
Note: The QRadar Advisor with Watson app uses the X-Force Threat Intelligence feed to prioritize observables based on risk scores that are sent to Watson. Although enabling the feed is not required to use the app, you should enable it for the best experience. To learn more about the X-Force Threat Intelligence feed, see the following technote: https://www.ibm.com/support/docview.wss?uid=swg21701213.

Procedure

  1. On the navigation menu ( Navigation menu icon ), click Admin.
  2. In the Apps section, under QRadar Advisor with Watson, click Configuration.
  3. In the XFE Credentials section, enter your X-Force Exchange API Key and API Password.
    1. With the same IBMid account you used to register for the QRadar Advisor with Watson app, log in to the IBM X-Force Exchange and go to the Settings page: https://exchange.xforce.ibmcloud.com/settings/api
    2. If you do not have an existing API key, click Generate.
      Note: More than one API key can exist for a single IBMid account, so if you regenerate an API key, both the old key and the new key will work. For example, if two API keys are used in two different instances, they will both work, and the investigation numbers on these instances will be combined and counted against the allotted quota for the registered IBMid account.
  4. Copy and paste your generated API key and the corresponding API password into the XFE credentials section.
  5. Click Submit.
    XFE Credentials screen