Authorized services

Kaspersky Threat Feed App uses the QRadar RESTful API to interact with QRadar. To authenticate API calls to QRadar Console, the QRadar RESTful API uses either authorized services or QRadar users. This section describes how to add an authorized service and receive an authorization token associated with it.

The main difference between using a QRadar user login and password and using a token is the following: when you create a new user, it exists until you explicitly remove it, while a token is usually assigned a period during which it is valid.

To add an authorized service:

  1. In QRadar Console, select the Admin tab.
  2. In the left navigation pane, click System Configuration.
  3. In the right pane, under User Management click Authorized Services.

    The Manage Authorized Services window opens.

  4. Click the Add Authorized Service button.

    The Add Authorized Service window opens.

    Add Authorized Service window

  5. In the Service Name field, type a name for this authorized service (for example, Kaspersky Data Feeds App).

    The name can be up to 255 characters in length.

  6. From the User Role drop-down list, select the Admin user role to assign to this authorized service.

    The user roles that are assigned to an authorized service determine the functions to which this service can gain access through the QRadar user interface.

  7. From the Security Profile drop-down list, select the Admin security profile to assign to this authorized service.

    The security profile determines the networks and log sources that this service can access through the QRadar user interface.

  8. In the Expiry Date field, type or select a date of expiration for this service. If a date of expiration is not required, select No Expiry.
  9. Click Create Service.

    A confirmation message appears containing a token field that you must copy into your vendor software to authenticate with QRadar.

More information about authorized services is available at https://www.ibm.com/support/knowledgecenter/SS42VS_7.3.0/com.ibm.qradar.doc/t_qradar_adm_add_auth_serv.html.

After you add an authorized service, QRadar notifies you whether the changes must be deployed.

To deploy the changes:

  1. In QRadar Console, select the Admin tab.
  2. Click Deploy Changes.
Page top