Configuring QRadar Offenses Forwarder

The IBM® QRadar Offenses Forwarder app makes several API calls to QRadar® APIs to generate the offense alert.

Before you begin

You must have an authorized service token so that QRadar Offenses Forwarder can authenticate the QRadar API calls. For more information, see Creating an authorized service token.


  1. On the Admin tab, click QRadar Offenses Forwarder.
  2. On the App Configuration tab, copy the authorized service token string into the SEC Token field and click Submit.
  3. Set the Event Limit, which determines the number of events for every offense that is stored on QRadar.
    The maximum value is 500.
  4. Click Validate configuration.
  5. On the Admin page, click Deploy Changes so that the new token works with the app.


You see a message that QRadar Offenses Forwarder is configured successfully.

What to do next

Assigning user permissions for QRadar Offenses Forwarder