Configuring cloud service providers to communicate with QRadar Cloud Visibility

To use the QRadar® Cloud Visibility app, you must configure the cloud service providers that you want to include in the app.

Before you begin

You must have QRadar administrator privileges to configure the app. Make sure that you download the content extensions that you want to view in QRadar Cloud Visibility before you configure the app.

Procedure

  1. From the Admin tab, click Apps.
  2. In the Cloud Visibility section, and then click Configuration.
  3. On the General tab, enter the authentication token in the Token field.
  4. If necessary, you can change the default settings for the dashboards to display the maximum number of recent offenses and recent events for each cloud service provider.
    1. Select the maximum number of offenses (active, open, and closed) that are displayed in the dashboard for each cloud service provider. The default is 500.
      When offenses are retrieved, they are sorted by the last updated date. If the maximum number of offenses is exceeded, the oldest offenses are omitted.
    2. Select the maximum number of events per offense query. The default is 1000.
      Queries are continuously run for every offense that is displayed on the dashboard. A random sampling of events is retrieved for every query unless you choose the Unlimited option.
    3. Select the maximum number of minutes allowed per offense. The default is 5.
      For every offense that is considered, an Ariel query is run to obtain the properties that are displayed on the dashboard.
      Important: Increasing the value can increase longer load times. Increase the load time only when you have offenses with unusually large number of events and you want to include those results in the dashboard.
    4. Select the maximum age of events for an offense’s initial event query. Event data from events older than the selected maximum age of the events at the time of the offense's initial event query is not displayed on the dashboard. Data that is collected from subsequent queries is aggregated with data from previous queries that are performed on the offense. Data shown on the dashboard after an offense’s first query might include data that exceeds the age that is selected.
    5. To free up memory in the database, you can regenerate the dashboard offense data cache by clicking Reset.
      Regenerating the dashboard data might take some time.
  5. Choose which cloud services you want to use in the app.
    Note: You must pick at least one of the cloud services, or you get an error message.
  6. Click Set to save your changes.

What to do next

Configure specific cloud service providers for your environment.