Configuring polling

You can use the Configuration Options dialog to configure the Incident Overview app's polling options.

About this task

When you first install the Incident Overview app, it runs in live mode and it polls QRadar in real time by using only the browser session. The data that the app receives is not persisted in live mode and it is lost when you refresh or close the browser window. If you want to use the Incident Overview app to store the last hour's data in its internal cache, you must configure the options on the Polling tab.

Procedure

  1. On the Incident Overview window, click Configure to open the Configuration Options window.
  2. Ensure that you pasted the authorized service token string into the Authorization Token field.
  3. Configure X-Force API tokens by following the instructions on the Configuration Options page.
    1. You must have an IBM ID to use the X-Force Exchange API. Register for an IBM ID (https://www.ibm.com/account/profile/).
    2. Log in to X-Force Exchange ( https://exchange.xforce.ibmcloud.com/) by using your IBM ID to create an API key and password.
    3. Click the profile icon in the upper right of the X-Force Exchange home page.
    4. Click Settings in the lower left of the page.
    5. Click API Access in the Settings navigation area to view the API details page.
    6. Click Generate to create a new API Key and Password.
    7. Copy the API key and the API password and paste them into the corresponding fields on the Configurations Options dialog.
  4. Configure the following options on the Polling tab:
    Update interval
    Defines how often the app polls QRadar for new offense data. The default value is 10 minutes. The minimum value that you can set is 2 minutes.
    Clean-up interval
    Use this field to define how long offense data is persisted by the application. The default value is 120 minutes. The minimum value that you can set is 60 minutes.
    Offense API Filter
    Use this field to apply Offense API filters to offenses that are returned by QRadar. For more information about Offenses API filters, see Offense API filters.
    Offense API Limit
    Use this field to limit the number of offenses that can be displayed. The default value is 100 offenses. The maximum value that you can set is 200 offenses.
  5. Click Save.
  6. To add a proxy for internet access, click the Proxy tab and then enter the proxy details.

What to do next

If you want to use the app's IP location map feature, see Configuring IP location of the QRadar Incident Overview app.