Kaspersky Threat Feed App uses the QRadar RESTful API to interact with QRadar. To authenticate API calls to QRadar Console, the QRadar RESTful API uses either authorized services or QRadar users. This section describes how to add an authorized service and receive an authorization token associated with it.
The main difference between using a QRadar user login and password and using a token is the following: when you create a new user, it exists until you explicitly remove it, while a token is usually assigned a period during which it is valid.
To add an authorized service:
The Manage Authorized Services window opens.
The Add Authorized Service window opens.
Add Authorized Service window
Kaspersky Data Feeds App
).The name can be up to 255 characters in length.
The user roles that are assigned to an authorized service determine the functions to which this service can gain access through the QRadar user interface.
The security profile determines the networks and log sources that this service can access through the QRadar user interface.
A confirmation message appears containing a token field that you must copy into your vendor software to authenticate with QRadar.
More information about authorized services is available at https://www.ibm.com/support/knowledgecenter/SS42VS_7.3.0/com.ibm.qradar.doc/t_qradar_adm_add_auth_serv.html.
After you add an authorized service, QRadar notifies you whether the changes must be deployed.
To deploy the changes: