Configuring QRadar Offenses Forwarder
The IBM® QRadar Offenses Forwarder app makes several API calls to QRadar® APIs to generate the offense alert.
You must have an authorized service token so that QRadar Offenses Forwarder can authenticate the QRadar API calls. For more information, see Creating an authorized service token.
Before you begin
- On the Admin tab, click QRadar Offenses Forwarder.
- On the App Configuration tab, copy the authorized service token string into the SEC Token field and click Submit.
- Set the Event Limit that runs the number of events for every
offense that is stored on QRadar. The maximum value is 500.
- Click Validate configuration.
- On the Admin page, click Deploy Changes so that the new token works with the app.
You see a message that QRadar Offenses Forwarder is configured successfully.
Assigning user permissions for QRadar Offenses Forwarder