You must create an authorized service token to authenticate the background services that
the QRadar DNS Analyzer app uses to request data from your local instance of IBM® QRadar.
About this task
IBM QRadar and the DNS
Analyzer app require that you use authentication tokens to authenticate the API calls that the apps
make.
QRadar® on Cloud
administrators can learn how to add and manage authorized service tokens by reading Manage authorized service tokens.
If you’re a QRadar on
Cloud customer, contact IBM Customer Support to create an authorized service token for you.
Procedure
-
Open the Admin
settings:
- In IBM QRadar V7.3.0 or earlier, click the
Admin tab.
- In IBM QRadar V7.3.1 and later, click the navigation menu
(
), and then click Admin to open the admin tab.
-
In the User Management section, click the Authorized Services
icon.
-
Click Add Authorized Services.
-
Click the row that contains the service you created and then select and copy the token string
from the Selected Token field in the menu bar.
-
Click Add Authorized Services.
-
Configure the following information to create the QRadar DNS Analyzer app service:
-
In the Service Name field, type IBM QRadar DNS Analyzer.
-
From the User Role list, select the Admin user
role.
-
From the Security Profile list, select the security profile that you
want to assign to this authorized service. The security profile determines the networks and log
sources that this service can access on the QRadar user interface.
-
In the Expiry Date list, type or select a date for this service to
expire. If an expiry date is not necessary, select No Expiry.
-
Click Create Service.
- Deploy changes for the new authorized service tokens to take effect.
-
Click the row that contains the service you created and then select and copy the token string
from the Selected Token field in the menu bar.
What to do next
Complete the procedures that are described in Configuring the QRadar DNS Analyzer app settings.