Hi DB,
Before you run the integration on your Now Platform® instance, complete these installation and configuration steps so the application properly integrates with the Security Incident Response and Security Operations products on your Now Platform instance.
Before you begin
Procedure
- In the Offense Ingestions Configuration dialog that is displayed, fill in the fields.
Field Description Name Name of the IBM QRadar console or the IBM QRadar instance used for the integration. Spaces are supported for names, but parentheses are not supported.
IBM QRadar API Base URL Host URL for your IBM QRadar instance. Note: You need to enter only the URL and the port number here. For example, https://ibm-qradar.com:8443. If the port number is 443, it need not be explicitly entered.IBM QRadar Dashboard URL The URL for the IBM QRadar dashboard or the console. This URL is used to auto construct the hyperlinks for offenses in the IBM QRadar dashboard. Enter only the host URL, for example, https://qradar.com. Do not include the .jsp in the URL, for example, https://qradar.com/console/qradar/jsp/QRadar.jsp is an invalid format.
Note: If the dashboard URL is not available, enter the IBM QRadar API Base URL here.IBM QRadar API Version Version 10 and above are supported. IBM QRadar API Authorized Service Token (on premises) The IBM QRadar authorized service token is used for authentication. The authorized service token must have Admin user role and Admin security profile. To generate the authorized service token, follow these steps:- In the IBM QRadar console, navigate to the Admin tab and click Authorized Services.
- If a valid authorized service token exists, check the expiry date and use this token.
If an authorized service token is not available, follow these steps:- In the IBM QRadar, navigate to the Admin tab and click Authorized Service.
- Click Add Authorized Service and create a token with the Admin user role and Admin security profile. Ensure that you specify an expiry date for a long validity period.
IBM QRadar API Authorized Service Token (for QRoC) If you are using IBM QRadar on Cloud (QRoC), use the self service application to generate the authorized service token with admin user role and admin security profile for authentication. On Premises Deployment Default is disabled. If this option is enabled, you must specify a MID Application Name.
If you are using IBM QRadar on Cloud (QRoC), verify that the check box is cleared.
MID Application Name Specify a MID Server Application that is set up in your environment. If you do not have a Mid Server Application configured,you must create a new MID Server application for this integration. Note: The MID Server Application can be configured only by users with system administrator role.To create a new MID Server Application, follow these steps:- Navigate to and click New.
- Enter a name for the MID Server Application and select a MID Server to be used as the default.
- Deselect the Included in application ALL check box and click Save.
- Click Edit. In the Edit Members page, select all available MID Servers, move them to the MID Servers List, and click Save. Depending on the availability, one of the MID Servers configured with the MID Server Application will be used.
- Enter the configuration details and specify the MID Server Application you have created.
The source that you configure on the IBM QRadar Offense Ingestion Configuration form can be reused for multiple Now Platform profiles as long as each profile ingests offenses.
What to do next
Mark my answer correct & Helpful, if Applicable.
Thanks,
Sandeep
And Yes its Paid !!
You can also get the Plugin from the traditional way > Navigate to Plugins and look for IBM QRADAR
Mark my answer correct & Helpful, if Applicable.
Thanks,
Sandeep
