Blue Coat Web Security Service REST API protocol configuration options
To receive events from Blue Coat Web Security Service, configure a log source to use the Blue Coat Web Security Service REST API protocol.
The Blue Coat Web Security Service REST API protocol is an outbound/active protocol that queries the Blue Coat Web Security Service Sync API and retrieves recently hardened log data from the cloud.
Parameter | Description |
---|---|
Log Source Identifier |
Type a unique name for the log source. The Log Source Identifier can be any valid value and does not need to reference a specific server. It can also be the same value as the Log Source Name. If you have more than one configured Blue Coat Web Security Service REST API log source, ensure that you give each one a unique name. |
API Username | The API user name that is used for authenticating with the Blue Coat Web Security Service. The API user name is configured through the Blue Coat Threat Pulse Portal. |
Password | The password that is used for authenticating with the Blue Coat Web Security Service. |
Confirm Password | Confirmation of the Password field. |
Use Proxy |
When you configure a proxy, all traffic for the log source travels through the proxy for QRadar to access the Blue Coat Web Security Service. Configure the Proxy IP or Hostname, Proxy Port, Proxy Username, and Proxy Password fields. If the proxy does not require authentication, you can leave the Proxy Username and Proxy Password fields blank. |
Recurrence | You can specify when the log collects data. The format is M/H/D for Months/Hours/Days. The default is 5 M. |
EPS Throttle |
The maximum number of events per second that QRadar ingests. If your data source exceeds the EPS throttle, data collection is delayed. Data is still collected and then it is ingested when the data source stops exceeding the EPS throttle. The default is 5000. |