Centrify Redrock REST API protocol configuration options
The Centrify Redrock REST API protocol is an outbound/active protocol for IBM® Security QRadar® that collects events from Centrify Identity Platform.
The Centrify Redrock REST API protocol supports Centrify Identity Platform and CyberArk Identity Security Platform.
The following parameters require specific values to collect events from Centrify Identity Platform:
Parameter | Value |
---|---|
Log Source type | Centrify Identity Platform |
Protocol Configuration | Centrify Redrock REST API |
Log Source Identifier | A unique name for the log source. The Log Source Identifier can be any valid value and does not need to reference a specific server. The Log Source Identifier can be the same value as the Log Source Name. If you have more than one Centrify Identity Platform log source that is configured, you might want to identify the first log source as centrify1, the second log source as centrify2, and the third log source as centrify3. |
Tenant ID | The Centrify assigned unique customer or tenant ID. |
Tenant URL | Automatically generated tenant URL for the specified tenant ID. For example, tenantId.my.centrify.com |
Username | The user name that is associated with the Cloud service for Centrify Identity Platform. |
Password | The password that is associated with the Centrify Identity Platform user name. |
Event Logging Filter | Select the logging level of the events that you want to retrieve. Info, Warning and Error are selectable. At least one filter must be selected. |
Allow Untrusted Certificates | Enable this option to allow self-signed, untrusted certificates. Do not enable this option for SaaS hosted tenants. However, if required, you can enable this option for other tenant configurations. The certificate must be downloaded in PEM or DER encoded binary format and then placed in the /opt/qradar/conf/trusted_certificates/ directory with a .cert or .crt file extension. |
Use Proxy | When a proxy is configured, all traffic from the Centrify Redrock REST API travels through the proxy. Configure the Proxy Server, Proxy Port, Proxy Username, and Proxy Password fields. If the proxy does not require authentication, you can leave the Proxy Username and Proxy Password fields blank. |
EPS Throttle | The maximum number of events per second that QRadar ingests. If your data source exceeds the EPS throttle, data collection is delayed. Data is still collected and then it is ingested when the data source stops exceeding the EPS throttle. The default is 5000. |
Recurrence | The time interval can be in hours (H), minutes (M) or days (D). The default is 5 minutes (5M). |
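
An added example, not part of the original documentation: a pre-flight check for the certificate step in the Allow Untrusted Certificates row, meant to be run on the QRadar host before the file is copied. The directory, extensions and encodings come from the table; the function names, the `TRUST_DIR` override, the expiry check and the self-issued check are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: vet a tenant certificate before trusting it in QRadar.
# Directory and extensions are from the table; TRUST_DIR override is assumed.
TRUST_DIR="${TRUST_DIR:-/opt/qradar/conf/trusted_certificates}"

# Print PEM or DER if the file parses as an X.509 certificate, else fail.
# The PEM marker is checked explicitly because OpenSSL 3 auto-detects the
# input encoding and would not tell the two apart.
cert_encoding() {
    local f="$1" form=DER
    grep -q -- '-----BEGIN CERTIFICATE-----' "$f" 2>/dev/null && form=PEM
    openssl x509 -in "$f" -inform "$form" -noout 2>/dev/null || return 1
    echo "$form"
}

# Exit codes: 2 bad extension, 3 not a certificate, 4 expired (added check).
check_cert() {
    local f="$1" enc
    case "$f" in
        *.cert|*.crt) ;;
        *) echo "REJECT $f: extension must be .cert or .crt" >&2; return 2 ;;
    esac
    enc=$(cert_encoding "$f") || {
        echo "REJECT $f: not a PEM or DER X.509 certificate" >&2; return 3; }
    openssl x509 -in "$f" -inform "$enc" -noout -checkend 0 >/dev/null || {
        echo "REJECT $f: certificate has expired" >&2; return 4; }
    echo "encoding=$enc"
    # Subject equal to issuer marks a self-issued (typically self-signed) cert.
    if [ "$(openssl x509 -in "$f" -inform "$enc" -noout -subject_hash)" = \
         "$(openssl x509 -in "$f" -inform "$enc" -noout -issuer_hash)" ]; then
        echo "self_issued=yes"
    else
        echo "self_issued=no"
    fi
    # Record these values so the trusted certificate can be audited later.
    openssl x509 -in "$f" -inform "$enc" -noout -subject -enddate -fingerprint -sha256
}

# Copy the file into the trust directory only when every check passes.
install_cert() {
    check_cert "$1" || return
    cp -- "$1" "$TRUST_DIR/"
}

# Usage: ./vet_cert.sh tenant.crt
if [ "$#" -gt 0 ]; then install_cert "$1"; fi
```

Compare the printed SHA-256 fingerprint with the one obtained from the tenant administrator over a separate channel before enabling the option.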