IBM Security QRadar

  • 1.  Universal Cloud Rest API - Redirect URI

    Posted Wed January 13, 2021 05:33 PM
    I am trying to register an API client for QRadar in a 3rd party application so QRadar can make REST API calls to fetch logs from the application. While registering an API client on the application, it is asking for a Redirect URI, and based on my research on OAuth2, this is the URI to which the authorization server will send the access token for the client (QRadar). The question is: what would be the redirect URI in the case of QRadar, or how can I create one?


    ------------------------------
    Rameez Ali
    ------------------------------


  • 2.  RE: Universal Cloud Rest API - Redirect URI

    IBM Champion
    Posted Fri January 15, 2021 10:34 AM
    Not quite sure how far you got. 3rd party applications need an authorized service token, which is no different from IBM supported apps. Please create a new one for each type of app you have got, using admin rights in QRadar, and for every 3rd party application. The token is supplied to the app or 3rd party application so that it can authorize itself at QRadar, and it can be supplied to any script to be able to use the REST API if you want to talk to QRadar from outside.
    The token is combined with the URL for accessing QRadar, e.g. siem_sample_offense.sh <ip_address> <auth_token> will enable you to access your offenses.
    Your 3rd party application will just work like this.
    Hope this helps.


    ------------------------------
    [Karl] [Jaeger] [Business Partner]
    [QRadar Specialist]
    [pro4bizz]
    [Karlsruhe] [Germany]
    [4972190981722]
    ------------------------------



  • 3.  RE: Universal Cloud Rest API - Redirect URI

    Posted Fri January 15, 2021 10:46 AM
    Thanks Karl for your response. Actually, it is QRadar who will make API calls to the third party application to fetch logs, and in order for QRadar to be authorized to fetch logs, it needs an access token. This is the part I am getting confused about: how QRadar will receive this access token when it is internally hosted, as I can't mention the redirect URI.

    ------------------------------
    Rameez Ali
    ------------------------------



  • 4.  RE: Universal Cloud Rest API - Redirect URI

    IBM Champion
    Posted Fri January 15, 2021 11:06 AM
    Rameez,
    your application should provide the same mechanism as QRadar does to establish an access token. Please refer to your application documentation. If you are using REST API on both sides, it is best to establish a man-in-the-middle parser to establish communication between apps. If you are integrating a supported log source, please refer to the DSM guide. If you code your own DSM, it's a bit tricky because it depends on how logs are being exchanged between your application and QRadar.
    Without more details it is difficult to answer your question. You can always provide generic data to outline your problem. No need to parse real data here.

    ------------------------------
    [Karl] [Jaeger] [Business Partner]
    [QRadar Specialist]
    [pro4bizz]
    [Karlsruhe] [Germany]
    [4972190981722]
    ------------------------------