Configuring the connection to QRadar on Cloud

Users with an Administrator role for IBM® QRadar Proxy can connect to an IBM QRadar on Cloud deployment so that the platform can connect to QRadar® APIs from that deployment.

Before you begin

To connect to QRadar on Cloud from QRadar Proxy, you need the following information:

  • Host name. To find the information, in QRadar on Cloud, go to the Admin tab, open the IBM QRadar on Cloud Self-Serve app, and click Deployment.
  • Host port. For more information, see QRadar port usage (https://www.ibm.com/docs/en/qradar-on-cloud?topic=qradar-port-usage).
  • Authentication token. For more information, see Adding an authorized service token (https://www.imb.com/docs/en/qradar-on-cloud?topic=tokens-adding-authorized-service-token).

About this task

Important:

You must use the QRadar on Cloud Self-Serve app to allow the public IP address for the platform to access QRadar on Cloud. For more information, see Allowing an IP address (https://www.ibm.com/docs/en/SSKMKU/com.ibm.qradar.doc/t_qrocss_addwhitelist.html).

Only one QRadar on Cloud deployment can be used per platform account. For example, if you're a managed service provider that manages several customer accounts, use a different platform account to access each QRadar deployment.

Procedure

  1. Go to Menu > Connections > QRadar Proxy, and select the deployment that you want to connect to.
  2. To access QRadar APIs, specify a connection name and description for the connection.
  3. Configure the connection by specifying the QRadar Management IP address or hostname and port for the data source.
    Important: Access to the supported apps is provided outside of the context of the platform, so a username and password is not required.
  4. Optional: Enter a Service Authentication Token. This token is used for background system services, such as IBM Detection and Response Center, and is also referred to as the SEC token.
  5. Enter a user authentication token to use the QRadar APIs. If you are a QRadar Proxy Administrator, you can alternatively select the checkbox to use the Service Authentication Token instead of entering your own user token.
  6. Click Save, and then verify that the connection is successful by checking the status in the navigation panel.

Results

If you no longer need the proxy connection, you can remove it on the QRadar Proxy page. Users will not be able to connect with the proxy until a new connection is configured.

What to do next

Adding a QRadar Proxy authentication token to access QRadar dashboards