Creating an authentication token for WinCollect agents

Third-party or external applications that interact with IBM® Security QRadar® require an authentication token. Before you install managed WinCollect agents in your network, you must create an authentication token.

An authentication token is not required for stand-alone WinCollect agents, such as those used in IBM QRadar on Cloud, but every managed WinCollect agent must use an authentication token.

The authentication token allows managed WinCollect agents to exchange data with QRadar appliances. Create one authentication token to use for all of your managed WinCollect agents that communicate events with QRadar. If the authentication token expires, the WinCollect agent cannot receive log source configuration changes or code updates.

About this task

Note: This capability is not available in IBM QRadar on Cloud.

Procedure

  1. Click the Admin tab.
  2. On the navigation menu, click System Configuration.
  3. Click the Authorized Services icon.
  4. Click Add Authorized Service.
  5. In the Manage Authorized Services window, configure the parameters.
    Table 1. Add Authorized Services parameters

    Parameter      Description
    Service Name   The name can be up to 255 characters in length, for example, WinCollect Agent.
    User Role      Select WinCollect. For more information about user roles, see the IBM Security QRadar SIEM Administration Guide.
    Expiry         Select No Expiry.
  6. Click Create Service.
  7. Record the token value.