Creating authorized service tokens

You must create authorized service tokens to authenticate the background services that the QRadar® Advisor with Watson™ app uses to request data from your local instance of IBM® QRadar.

Before you begin

QRadar on Cloud administrators can learn how to add and manage authorized service tokens by reading https://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc/c_qrocss_manageauthservices.html.

If you’re a QRadar on Cloud customer, contact Customer Support to create an authorized service token for you.

About this task

IBM QRadar requires that you use authentication tokens to authenticate the API calls that the app makes. Use the Manage Authorized Services window to create authentication tokens.

You must have QRadar administrator privileges to create authorized service tokens.
Important: After you submit the authorized service tokens, you must deploy changes for the new authorized service tokens to take effect.
Attention: You can create an admin token and a limited access token for the QRadar Advisor with Watson app.
  • The admin token must be assigned to a role with admin permissions.
  • For the limited access user to analyze offenses with QRadar Advisor with Watson, the limited access token must be assigned a user role with the following permissions:
    • Network Activity
    • Log Activity
    • QRadar Advisor with Watson
    • Define Network Hierarchy under Delegated Administration
    • View VA Data under Assets
    • View Custom Rules under Offenses
    You can configure the limited access token with a security profile that matches the networks, log sources, and domains that you want the app to be able to analyze.

Procedure

  1. On the navigation menu, click Admin.
  2. In the Apps section, under QRadar Advisor with Watson, click Configuration.
  3. Click Authorized Service Token in the QRadar Advisor with Watson Configuration wizard.
  4. Click the Manage Authorized Services link.
  5. On the Manage Authorized Services window, click Add Authorized Service.
  6. Add the relevant information in the following fields and click Create Service for each service (Admin and Limited) you want to create:
    1. In the Service Name field, type a name for this authorized service. The name can be up to 255 characters in length.
    2. From the User Role list, select the appropriate role for the user type.
    3. From the Security Profile list, select the security profile that you want to assign to this authorized service. The security profile determines the networks and log sources that this service can access on the QRadar user interface.
    4. In the Expiry Date list, type or select the date on which you want this service to expire. If an expiry date is not necessary, select No Expiry.
  7. Click the row that contains the service you created, select and copy the token string from the Selected Token field in the menu bar, and close the Manage Authorized Services window.
  8. Deploy changes for the new authorized service tokens to take effect.
  9. Return to the Authorized Service Token section of the QRadar Advisor with Watson Configuration Wizard.
  10. Paste the Admin token string into the Admin Token field.
  11. Paste the Limited token string into the Limited Access Token field.
  12. Click Submit.
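
After the changes are deployed, each token can be checked against the QRadar REST API before it is pasted into the wizard. The following is an added example, not IBM code: it sends the token in the SEC request header and interprets the response. The /api/system/about path, the QRADAR_* environment variable names, and the meaning given to each status code are assumptions to adapt to your console.

```python
"""Smoke-test QRadar authorized service tokens (added example, not IBM code)."""
import os
import urllib.error
import urllib.request

# Assumption: this endpoint is readable by both the admin and limited roles.
DEFAULT_PATH = "/api/system/about"


def build_request(console, token, path=DEFAULT_PATH):
    """Build a GET request that authenticates with the token in the SEC header."""
    if not token or token != token.strip():
        # A stray space or newline from copying the Selected Token field
        # produces a token that the console will reject.
        raise ValueError("token is empty or has surrounding whitespace")
    return urllib.request.Request(
        f"https://{console}{path}",
        headers={"SEC": token, "Accept": "application/json"},
    )


def classify(status):
    """Map an HTTP status to its likely cause (assumed from HTTP semantics)."""
    if status == 200:
        return "ok"
    if status == 401:
        return "rejected: wrong token, expired, or changes not deployed"
    if status == 403:
        return "forbidden: user role or security profile lacks access"
    return f"unexpected HTTP {status}"


def check_token(console, token, path=DEFAULT_PATH, opener=urllib.request.urlopen):
    """Send the request with default TLS verification and classify the result."""
    req = build_request(console, token, path)
    try:
        with opener(req, timeout=10) as resp:
            return classify(resp.status)
    except urllib.error.HTTPError as err:
        return classify(err.code)


if __name__ == "__main__":
    # Tokens are read from the environment so they stay out of shell history.
    console = os.environ["QRADAR_CONSOLE"]  # hypothetical variable names
    for label in ("ADMIN", "LIMITED"):
        print(label, check_token(console, os.environ[f"QRADAR_{label}_TOKEN"]))
```

Run the check for both tokens; a limited token that returns "ok" here can still be denied elsewhere if its role lacks one of the permissions listed above.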