Configuring a QRadar data source in Grafana
Configure an external data source for IBM® Security QRadar® in your Grafana instance to communicate with QRadar.
Before you begin
- In your Grafana instance, from the navigation menu, click .
- In the Search field, enter IBM Security QRadar. The status of your IBM Security QRadar AQL Plugin is displayed.
- For more information about the IBM Security QRadar AQL Plugin, click the IBM Security QRadar tile.
To configure a QRadar data source in Grafana, you must complete the following tasks:
- Obtain your QRadar URL from your QRadar instance.
- Collaborate with a QRadar administrator to
obtain a QRadar SSL certificate and authorized service token.Important: QRadar IBM Security QRadar AQL Plugin access to QRadar Ariel databases is based on the role and security profile that are associated with the authorized service token. Minimum permissions that are required for this token are Log Activity and Network Activity.
Procedure
- In your Grafana instance, from the navigation menu, click .
- On the Data sources page, click Add new data source.
- In the Filter by name or type field, enter IBM Security QRadar, and then select IBM Security QRadar.
- In the QRadar Host field, enter your QRadar URL.
- In the QRadar Port field, enter your QRadar port (default is 443).
- In the Results Range field, enter the global results range for all queries (default is 0-49).
- In the Plugin Timeout field, enter a response timeout limit for all queries that are sent by this data source. Timeout value format is xxhxxmxxs (default is 5 m).
- In the Plugin TimeZone field, select a time zone for all queries from the time zone drop down (default is UTC).
- In the SSL Certificate field, enter your QRadar SSL certificate.
- In the Authorized Service Token field, enter your QRadar authorized service token.
- Click Save &
test. If your configuration is successful, a Data source is working message is displayed.