Before you configure the app, you must create an authorized service token to authenticate the API calls made by IBM® Security SOAR.
The authorized service token must have full administrative permissions. If you are using SOAR with the MSSP add-on, the authorized service token must have permission to access all of the domains used in the mapping.
Procedure
- To create the authorization token in QRadar®, follow these steps:
  - On the Admin tab, click .
  - In the Authorized Service Management window, click Add.
  - In the Authorized Service Label field, type a name for the service.
    The name can be up to 255 characters in length.
  - In the Security Profile list, select Admin.
    The security profile determines the networks and log sources that the service can access on QRadar.
  - In the User Role list, select Admin.
  - In the Expiry Settings, type or select the date and time for this service to expire. If an expiry date is not necessary, clear the expiry option.
  - Click Save and copy the authorized service token string to a secure location.
    Important: Copy the token string before you close the window. You must have the token string to configure the app, and you cannot capture it after you close the window.
    Important: The authorized service token must have full administrative permissions. If you cannot create the authorization token with full administrative permissions, contact IBM Support.
- To create the authorization token in IBM QRadar on Cloud, follow these steps:
  Important: The authorized service token must have full administrative permissions. If you cannot create the authorization token with full administrative permissions, contact IBM Support.
  - Open the Admin settings, and click QRadar on Cloud Self Serve.
  - Click Authorized Services Management and then click Add.
  - In Service Name, type a name for this authorized service.
  - In User Role, select the user role that you want to assign to this authorized service.
    The user roles that are assigned to an authorized service determine the functions that this service can access in QRadar on Cloud.
  - In Security Profile, select the security profile that you want to assign to this authorized service.
    The security profile determines the networks and log sources that this service can access in QRadar on Cloud.
  - In Expiry Date, type or select a date that you want this service to expire. If an expiry date is not required, select No Expiry.
  - Click Save.
  - In the Authorized Service Created Successfully dialog box, an authorized service token is displayed. Copy the token to a secure location, then close the dialog box.
    Important: Copy the token string before you close the window. You must have the token string to configure the app, and you cannot capture it after you close the window.
Results
The authorized service token is created and you can use it to configure the QRadar SOAR Plug-in app.
What to do next
After the authorized service token is created, configure the app.