Connecting to QRadar apps and APIs

IBM® QRadar® Proxy provides communication between IBM Security QRadar Suite Software and IBM QRadar or IBM QRadar on Cloud.

This communication uses APIs to pull QRadar data into the QRadar SIEM dashboards and other dashboards with QRadar data. It also provides access to supported versions of QRadar apps, such as QRadar User Behavior Analytics, within the context of QRadar Suite Software. If you're accessing QRadar on Cloud, or you're using SAML for authentication to QRadar, then access to the supported apps is provided outside of the context of QRadar Suite Software.

Administrators use the QRadar Proxy configuration to enter connection settings that enable the communication. QRadar authorized service tokens are used for pulling QRadar data into widgets such as dashboards. The username and password are used to access supported QRadar apps.

Important: In QRadar Suite Software 1.4 or later, only one QRadar deployment can be used per QRadar Suite Software account. For example, if you're a managed service provider that manages several customer accounts, use a different QRadar Suite Software account to access each QRadar deployment.

Authorized service tokens

The authorization token that you use in QRadar Proxy must be associated in QRadar with the appropriate user role and permissions.

The user roles that are assigned to an authorized service in QRadar determine the functions that each user can access in QRadar. For more information about QRadar user roles, see User roles.

The security profile in QRadar determines the networks and log sources that each user can access in QRadar. The security profile is associated with the domain, which determines tenant access. For more information about QRadar security profiles, see Security profiles.

Important: If more than one user has the same combination of user role and security profile, they can share the same token because the access is the same.

Communication workflow

The following workflow describes the steps and user roles to set up communication between QRadar Suite Software and QRadar.
  1. Administrators change the default configuration in QRadar before they integrate QRadar Suite Software and QRadar. Otherwise, the IBM QRadar Proxy app might be locked out for all QRadar Suite Software users. See Preventing lockout from QRadar.
  2. Administrators configure the connection to their QRadar deployment:
  3. Administrators and users add an authentication token so that they can access QRadar dashboards. See Adding a QRadar Proxy authentication token to access QRadar dashboards.
  4. Administrators and users add their username and password so that they can access QRadar apps. See Adding a QRadar username and password to access QRadar apps.