Configuring IBM QRadar connector sources

Use QRadar connector to connect to QRadar® REST-compliant web services. QRadar connector is based on Apache NiFi-platform and uses REST API for data retrieval.

Before you begin

  • Ensure that the web service that you want to connect is up and running.
  • For the sample request, if you need to provide custom headers, then ensure that you have that information available with you. Custom headers are request headers that are needed to retrieve REST API information from a web service. For example, Authorization request headers or Accept-Charset request headers. Authorization request headers contain authorization information that is required by the web services. Accept-Charset indicates the acceptable data characters that the response must contain.

Procedure

Complete the following steps to add QRadar REST-compliant web services by using QRadar connector:

  1. Open Dashboard Designer.
  2. In the navigation pane, go to Connector & Sources > Connector Sources.
  3. In the Connector Sources tab, click Add Source.

    An Add Connector Source window is displayed.

  4. From the Connector Type list, select QRadar connector.
  5. In the Connector Source Name field, enter a name for QRadar source.

    Source name can contain alphanumeric characters and underscores.

  6. In the Endpoint URL field, enter URL details for QRadar web service in the following format:

    https://server_IP_or_HOSTNAME/api

    Where, server_IP_or_HOSTNAME is the IP address or host name of the server where the web service is hosted.

  7. From the Authentication type list, select None or Basic Authentication based on whether user name and password are configured during the installation of the web service.
    If you select Basic Authentication, then you must complete the following steps:
    1. In the User name field, enter a user name that is used during the configuration of the web service.
    2. In the Password field, enter a password that is used during the configuration of the web service.
  8. Click Next.
  9. From the Method list, select GET method, and in the URI field, enter the uniform resource identified (URI) for QRadar source.
    For example, URI

    Where, URI is the resource URI.

  10. Click Save.
  11. To make sure that the connection to QRadar data source is successful, click Test Connection.
    If the source details and the sample request are valid and complete, then a message to indicate that the connection is successful is displayed. For connection failure messages, you must fix the errors that are mentioned in the messages and test the connection again.
    Note: Even if the source details are valid, a connection failure message might be displayed due to an invalid response received for the sample request.

Results

The QRadar web service is added and can be used to create your custom data definitions.