IBM Security QRadar

Expand all | Collapse all

Universal Cloud Rest API - Redirect URI

  • 1.  Universal Cloud Rest API - Redirect URI

    Posted 4 days ago
    I am trying to register an API client for QRadar in a 3rd party application so QRadar can make REST API calls to fetch logs from the application. While registering an API client on the application, it is asking for Redirect URI and based on my research on OAUTH2, this is the URI on to which the authorization server will send the access token to the client (QRadar). The question is what would be the redirect URI in case of QRadar or how can I create one? 


    ------------------------------
    Rameez Ali
    ------------------------------


  • 2.  RE: Universal Cloud Rest API - Redirect URI

    Posted 2 days ago
    not quite sure how far you got. 3rd party applications need an authorized service token which is not different from IBM supported apps. Pls create a new one for each type of app you have got using admin rights in QRadar and every 3rd party application. The token is supplied to the app or 3rd party application for being able to authorize itself at QRadar and can be supplied to any script to be able to use the REST API if you want to talk to QRadar from outside.
    The token is combined with the URL for accessing QRadar, e.g. siem_sample_offense.sh <ip_address> <auth_token> will enable you to access your offenses
    Your 3rd party application will just work like this.
    Hope this helps


    ------------------------------
    [Karl] [Jaeger] [Business Partner]
    [QRadar Specialist]
    [pro4bizz]
    [Karlsruhe] [Germany]
    [4972190981722]
    ------------------------------



  • 3.  RE: Universal Cloud Rest API - Redirect URI

    Posted 2 days ago
    Thanks Karl for your response. Actually, it is QRadar who will make API calls to the third party application to fetch logs and in order for QRadar to be authorized to fetch logs, it needs an access token. This is the part I am getting confused about that how QRadar will receive this access token when it is internally hosted as I can't mention the redirect URI.

    ------------------------------
    Rameez Ali
    ------------------------------



  • 4.  RE: Universal Cloud Rest API - Redirect URI

    Posted 2 days ago
    Rameez,
    your application should provide the same mechanism as QRadar does to establish an access token. Please refer to you application documentation. If you are using REST API both sides it is best to establish a men-in-the-middle parser to establish communication between apps. If you are integrating a supported logsource pls refer to DSM guide. If you code your own DSM its a bit tricky cause it depends how logs are being exchanged between your application and QRadar.
    Without more details it is difficult to answer your question. You can always provide generic data to outline your problem. No need to parse real data here.

    ------------------------------
    [Karl] [Jaeger] [Business Partner]
    [QRadar Specialist]
    [pro4bizz]
    [Karlsruhe] [Germany]
    [4972190981722]
    ------------------------------