Blue Coat Web Security Service REST API protocol configuration options

To receive events from Blue Coat Web Security Service, configure a log source to use the Blue Coat Web Security Service REST API protocol.

The Blue Coat Web Security Service REST API protocol is an outbound/active protocol that queries the Blue Coat Web Security Service Sync API and retrieves recently hardened log data from the cloud.

The following table describes the protocol-specific parameters for the Blue Coat Web Security Service REST API protocol:
Table 1. Blue Coat Web Security Service REST API protocol parameters
Parameter Description
Log Source Identifier

Type a unique name for the log source.

The Log Source Identifier can be any valid value and does not need to reference a specific server. It can also be the same value as the Log Source Name. If you have more than one configured Blue Coat Web Security Service REST API log source, ensure that you give each one a unique name.

API Username The API user name that is used for authenticating with the Blue Coat Web Security Service. The API user name is configured through the Blue Coat Threat Pulse Portal.
Password The password that is used for authenticating with the Blue Coat Web Security Service.
Confirm Password Confirmation of the Password field.
Use Proxy

When you configure a proxy, all traffic for the log source travels through the proxy for QRadar to access the Blue Coat Web Security Service.

Configure the Proxy IP or Hostname, Proxy Port, Proxy Username, and Proxy Password fields. If the proxy does not require authentication, you can leave the Proxy Username and Proxy Password fields blank.

Recurrence You can specify when the log collects data. The format is M/H/D for Months/Hours/Days. The default is 5 M.
EPS Throttle

The maximum number of events per second that QRadar ingests.

If your data source exceeds the EPS throttle, data collection is delayed. Data is still collected and then it is ingested when the data source stops exceeding the EPS throttle.

The default is 5000.