Configuring IBM Cloud Activity Tracker to communicate with QRadar

Before you can add a log source in IBM® QRadar®, you must note the values in the event stream topic and service credentials of IBM Cloud® Activity Tracker. You need these values when you configure the log source.

Before you begin

IBM Cloud Activity Tracker must be configured with an event stream service instance that has at least one topic and two service credentials. For more information, see the IBM Cloud documentation topics about Creating an Event Streams service instance, Create a topic, and Create credentials.

Procedure

  1. Log in to IBM Cloud (https://cloud.ibm.com).
  2. From the navigation menu, select Resource List.
  3. Expand Services and Software, then select your event stream instance.
  4. From the Event Streams menu, select Topics. Note the topic name that you want to link to QRadar. You need the topic name when you configure the Topic List parameter in QRadar.
  5. From the menu, select Service credentials.
  6. From the Service credentials list, expand the read service credential. Note the JSON object text. You need the values from the JSON object text when you configure the Bootstrap Server List, SASL Username, and SASL Password parameters in QRadar.
    Tip: For more information about configuring IBM Cloud Activity Tracker to communicate with QRadar, see the Configuring an Event Streams target documentation (https://cloud.ibm.com/docs/atracker?topic=atracker-getting-started-target-event-streams).