IBM Support

App Authorization with QRadar

How To


Summary

Apps use authorization service tokens to authorize access to QRadar resources.

Configure authorization parameters in the authentication section of the manifest file. The only mandatory entry is for the requested_capabilities. When an application with this authorization parameter is installed via extension management the app will not be created until authorization is completed through the Application Assistant App.

Steps

The following example shows the authentication section in the manifest file.

"authentication": {
  "oauth2": {
    "authorisation_flow": "CLIENT_CREDENTIALS",
    "requested_capabilities": [
      "SEM"
    ]
  }
}

The authorisation_flow entry is optional. The only accepted value is CLIENT_CREDENTIALS

If the authorization is not configured as CLIENT_CREDENTIALS, the installation fails and returns the following message:

OAuth flow type X is not currently supported

The requested_capabilities must contain at least one entry. It provides the capability or permissions that the app needs to function in QRadar. The app installation fails if the requested_capabilities capability that is configured is not listed in QRadar.

The user would navigate to the Application Assistant app and select a user which has the capabilities requested by the app e.g. a user with the SEM capability from the example above.

On selecting authorization the instance will be created along with an authorized service token matching the app instance id and the selected user's role. The app will then have access to that authorized service token for making QRadar resource requests

Note: Authorized service creation requires a deploy so after an app installation the user will need to perform a deploy to enable the authorized service token

Document Location

Worldwide

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwt3AAA","label":"QRadar Apps"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Document Information

Modified date:
30 March 2021

UID

ibm16437491