Configuring Box to communicate with QRadar
To retrieve administrator logs from your Box enterprise account, configure Box and your IBM QRadar Console. You must have a Box developer account.
Before you begin
Generate a private and public RSAkey pair for the JSON Web Token (JWT) assertion.
Tip: If you are a QRadar on Cloud user and the
Target Collector is either Console or Events Processor, you must open a case and upload the Private
Key (in DER format). DevOps then adds that Private Key to
/opt/qradar/conf/trusted_certificates/box.
- Log in to the Console or Linux® server
that has an
openssl
command.- For a private key, type the following
command:
openssl genrsa -out box_private_key.pem 2048
-
For a public key, type the following command:
openssl rsa -pubout -in box_private_key.pem -out box_public_key.pem
- For a private key, type the following
command:
- Save a copy of the public key. You paste the contents of the public key into the Add Public Key text box when you configure Box for API access.
- Convert the private key to DER by typing the following command on one
line:
openssl pkcs8 -topk8 -inform PEM -outform DER -in box_private_key.pem -out box_private_key.der -nocrypt
- Store the private key on your managed host in QRadar.
- Create a directory called "box" in the /opt/qradar/conf/trusted_certificates/ directory in QRadar.
- Copy the private key .DER file to the /opt/qradar/conf/trusted_certificates/box directory that you created. Do not store the private key in any other location.
- Configure the log source by using only the file name of the private key file in the /opt/qradar/conf/trusted_certificates/box directory. Ensure that you type the file name correctly in the Private Key File Name field when you configure the log source.
- Copy the private key to the /opt/qradar/conf/trusted_certificates/box
directory.Tip: If you configure the log source before you store the private key, an error message is displayed.