Blue Coat Web Security Service REST API protocol configuration options
To receive events from Blue Coat Web Security Service, configure a log source to use the Blue Coat Web Security Service REST API protocol.
The Blue Coat Web Security Service REST API protocol is an outbound/active protocol that queries the Blue Coat Web Security Service Sync API and retrieves recently hardened log data from the cloud.
| Parameter | Description |
|---|---|
| Log Source Identifier |
Type a unique name for the log source. The Log Source Identifier can be any valid value and does not need to reference a specific server. It can also be the same value as the Log Source Name. If you have more than one configured Blue Coat Web Security Service REST API log source, ensure that you give each one a unique name. |
| API Username | The API user name that is used for authenticating with the Blue Coat Web Security Service. The API user name is configured through the Blue Coat Threat Pulse Portal. |
| Password | The password that is used for authenticating with the Blue Coat Web Security Service. |
| Confirm Password | Confirmation of the Password field. |
| Use Proxy |
When you configure a proxy, all traffic for the log source travels through the proxy for QRadar® to access the Blue Coat Web Security Service. Configure the Proxy IP or Hostname, Proxy Port, Proxy Username, and Proxy Password fields. If the proxy does not require authentication, you can leave the Proxy Username and Proxy Password fields blank. |
| Recurrence | You can specify when the log collects data. The format is M/H/D for Months/Hours/Days. The default is 5 M. |
| EPS Throttle | The upper limit for the maximum number of events per second (EPS). The default is 5000. |