IBM® Security QRadar®
requires that you use an authentication token to authenticate the API calls made by the Manager for
YARA and Sigma Rules app. Use the Manage Authorized Services page on the
Admin tab to create an authorized service token.
About this task
QRadar on Cloud
administrators can learn how to add and manage authorized service tokens by reading https://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc/c_qrocss_manageauthservices.html.
Procedure
- On the Admin tab, click Authorized
Services.
- In the Configure Authorized Service Token dialog box, click
Manage Authorized Services.
- In the Manage Authorized Services window, click Add
Authorized Service.
- Add the relevant information in the following fields and click Create
Service:
-
In the Service Name field, type a name for this authorized service. The
name can be up to 255 characters in length.
-
From the User Role list, select
Admin.
-
From the Security Profile list, select the security profile to assign to
this authorized service. The security profile determines the networks and log sources that this
service can access on QRadar.
-
In the Expiry Date list, type or select the date for this service to
expire. If an expiry date is not necessary, select No Expiry.
- Click the row that contains the service you created, select and copy the token string in
the Selected Token field on the menu bar, and close the Manage
Authorized Services window.
- On the YARA and Sigma Rule Manager tab, enter the authorized
service token.
- On the Admin tab, click Deploy
Changes.