Installing the QRadar Offenses Forwarder app

To send or collect offense alerts from QRadar® to your IBM® QRadar Suite SaaS product, you must install and configure the IBM Security QRadar Offenses Forwarder app.

Before you begin

You must have administrator privileges to install and configure the app.

Before you install the app, ensure that the QRadar Offenses Forwarder meets the minimum memory (RAM) requirements. QRadar Offenses Forwarder requires 200 MB of free memory from the application pool of memory. If QRadar Offenses Forwarder fails to install, then your application pool does not have enough free memory to run the app. Consider adding an App Host to your QRadar deployment. For more information about calculating the required memory, see Apps and Resource Limitation (https://ibm.com/support/pages/qradar-apps-and-resource-limitation).

Procedure

  1. Choose one of the following methods to download your app:
    • If the IBM QRadar Assistant app is configured on QRadar, use the following instructions to install QRadar Offenses Forwarder: QRadar Assistant app (https://www.ibm.com/support/knowledgecenter/SS42VS_SHR/com.ibm.apps.doc/t_qradar_adm_assistant_download.html).
    • If the QRadar Assistant app is not configured, download the QRadar Offenses Forwarder app archive from the IBM Security App Exchange (https://apps.xforce.ibmcloud.com/) onto your local computer. You must have an IBMid to access the App Exchange.
  2. If you downloaded the app from the App Exchange, complete the following steps:
    1. On the QRadar Console, click Admin > Extensions Management.
    2. In the Extension Management window, click Add and select the app archive that you want to upload to the console.
    3. Select the Install immediately checkbox.
      Important: You might have to wait several minutes before your app becomes active.
    4. To preview the contents of an app after it is added and before it is installed, select it from the list of extensions, and click More Details. Expand the folders to view the individual content items in each group.
  3. From the Admin tab, click Extensions Management > Add.
  4. Click Browse, find and select the compressed .zip file that you downloaded, then click Add.
    The Validating Install message displays, then the installation details display.
  5. Click Install.
    The Installing Extension message displays.
    Important: If you see a Confirm installation message that the extension is not digitally signed, you can ignore the message and continue with the installation.

What to do next

Creating an authorized service token