Configuring the connection to QRadar on Cloud

Users with an Administrator role for IBM® QRadar® Proxy can connect to an IBM QRadar on Cloud deployment so that IBM Security QRadar Suite Software can connect to QRadar APIs and supported versions of QRadar apps from that deployment. After you enter the connection settings, you and your users can add your own authentication token, QRadar username and password, or both. Then, view QRadar SIEM dashboards and other dashboards with QRadar data, or access supported QRadar apps such as QRadar User Behavior Analytics.

Before you begin

To connect to QRadar on Cloud from QRadar Proxy, you need the following information:

  • Host name. To find the information, go to the Admin tab, open the IBM Security QRoC Self-Serve app, and click Deployment.
  • Host port. For more information, see QRadar port usage (https://www.ibm.com/docs/en/qradar-on-cloud?topic=qradar-port-usage).
  • Authentication token. For more information, see Adding an authorized service token (https://www.imb.com/docs/en/qradar-on-cloud?topic=tokens-adding-authorized-service-token).

About this task

Only one QRadar deployment can be used per QRadar Suite Software account. For example, if you're a managed service provider that manages several customer accounts, use a different QRadar Suite Software account to access each QRadar deployment.

Procedure

  1. From the IBM Security QRadar Suite Software home page, click Menu > Connections > QRadar Proxy and select the deployment to which you want to connect.
  2. To access QRadar apps and APIs, specify a connection name and description for the connection.
  3. Configure the connection by specifying the QRadar Management IP address or hostname and port for the data source.
    Note: Access to the supported apps is provided outside of the context of IBM Security QRadar Suite Software, so a username and password is not required.
  4. Optional: Enter a Service Authentication Token. This token is used for background system services, such as IBM Detection and Response Center, and is also referred to as the SEC token.
  5. Add authentication credentials for the deployment.
    1. Enter a user authentication token to use the QRadar APIs. If you are a QRadar Proxy Administrator, you can alternatively select the checkbox to use the Service Authentication Token instead of entering your own user token.
      Important: Your users must enter their own authentication token.
    2. If you want to access supported QRadar apps, such as QRadar User Behavior Analytics, provide your own QRadar username and password. (Your users must enter their own username and password.)
  6. Click Save, and then verify that the connection is successful by checking the status in the navigation panel.

Results

If you no longer need the proxy connection, you can remove it on the QRadar Proxy page. Users will not be able to connect with the proxy until a new connection is configured.

What to do next

Adding a QRadar Proxy authentication token to access QRadar dashboards and Adding a QRadar username and password to access QRadar apps