Creating an authorized service token

You must create an authorized service token to authenticate the background polling service that IBM® QRadar® Threat Intelligence uses to request data from IBM QRadar.

About this task

QRadar on Cloud administrators can learn how to add and manage authorized service tokens by reading Manage authorized service tokens.

Important:

For QRadar on Cloud customers, the QRadar Threat Intelligence app requires an Admin token that can only be created by IBM customer support to ensure proper functionality of app.

Applications that do not require an Admin token can use a Security Admin token which can be created in the Self Server App.

Procedure

  1. On the Threat Intelligence page, click Add Threat Feed > Configuration.
  2. On the Configuration page, click the Create an authorized service token link to open the Manage Authorized Services window.
  3. On the Manage Authorized Services page, click Add Authorized Service.
  4. Add the relevant information in the following fields and click Create Service:
    1. In the Service Name field, type a name for this authorized service. The name can be up to 255 characters in length.
    2. From the Security Profile list, select the security profile that you want to assign to this authorized service. The security profile determines the networks and log sources that this service can access on the QRadar user interface.
    3. From the User Role list, select the Admin user role.
    4. In the Expiry Date list, type or select a date that you want this service to expire. If an expiry date is not necessary, select No Expiry.
  5. Click the row that contains the service you created, select and copy the token string from the Selected Token field in the menu bar to a text file, and close the Manage Authorized Services window.
    You use the same authorized service token when you configure the Threat Feeds Downloader. For more information, see Configuring the Threat Feeds Downloader
  6. On the Configuration page, paste the authorized service token string into the Authorized Service Token field, and click Save.

Results

After you add an authorized service token, the Add TAXII Feed option becomes available in the Add Threat Feed menu. Use it to configure TAXII server information.