Universal Cloud REST API protocol
The Universal Cloud REST API protocol is an outbound, active protocol for IBM® QRadar®. You can customize the Universal Cloud REST API protocol to collect events from various REST APIs, including data sources that do not have a specific DSM or protocol.
For Universal Cloud REST API protocol examples, see GitHub samples (https://github.com/ibm-security-intelligence/IBM-QRadar-Universal-Cloud-REST-API).
The following table describes the protocol-specific parameters for the Universal Cloud REST API protocol.
|Log Source Identifier||
Type a unique name for the log source.
The Log Source Identifier can be any valid value and does not need to reference a specific server. It can also be the same value as the Log Source Name. If you have more than one configured Universal Cloud REST API log source, ensure that you give each one a unique name.
The XML document that defines how the protocol instance collects events from the target API.
For more information, see Workflow.
|Workflow Parameter Values||
The XML document that contains the parameter values used directly by the workflow.
For more information, see Workflow Parameter Values.
|Allow Untrusted Certificates||If you enable this parameter, the protocol can accept self-signed and
otherwise untrusted certificates that are located within the
/opt/qradar/conf/trusted_certificates/ directory. If you disable the parameter,
the scanner trusts only certificates that are signed by a trusted signer.
The certificates must be in PEM or RED-encoded binary format and saved as a .crt or .cert file.
If you modify the workflow to include a hardcoded value for the Allow Untrusted Certificates parameter, the workflow overrides your selection in the UI. If you do not include this parameter in your workflow, then your selection in the UI is used.
|Use Proxy||If the API is accessed by using a proxy, select this checkbox.
Configure the Proxy IP or Hostname, Proxy Port, Proxy Username, and Proxy Password fields. If the proxy does not require authentication, you can leave the Proxy Username and Proxy Password fields blank.
|Recurrence||Specify how often the log collects data. The value can be in Minutes (M), Hours (H), or Days (D). The default is 10 minutes.|
|EPS Throttle||The limit for the maximum number of events per second (EPS) for events that are received from the API. The default is 5000.|