Before you start consuming the data over the Universal REST API endpoint, you must create
an authorized service token. The token is used in the header of a request for the endpoint, and also
during app configuration.
About this task
IBM®
QRadar® on Cloud administrators can
learn how to add and manage authorized service token by reading Authorized service tokens. If you're a QRadar on
Cloud customer, contact Customer
Support to create an authorized service token for you.
Procedure
-
On the QRadar
Console, click
.
-
On the Authorized Service Management page, click
Add.
-
Add the relevant information in the following fields:
-
In the Authorized Service Label field, type a name for this authorized
service. The name can be up to 255 characters in length.
-
From the Security Profile list, select the security profile that you
want to assign to this authorized service. The security profile determines the networks and log
sources that this service can access on the QRadar Console.
-
From the User Role list, select the Admin user
role.
-
In the Expiry Settings section, type or select a date that you want this
service to expire. If an expiry date is not necessary, switch the expiry toggle to
Off.
-
Click Save.
The confirmation message contains a token that you need when you add an alert data source in your
IBM Security
QRadar Suite SaaS product. Copy the
authorized service token to a text editor for secure storage. The token cannot be made visible after
you close the dialog. You use the token in step 4b of Ingesting QRadar offense alerts by creating an ingestion data source.
- Close the Authorized Service Management page.
- On the Admin tab, click Deploy
Changes.