Setting up QRadar integration

Configure these settings to enable integration with Security QRadar®.

Before you begin

You must have Configure QRadar Integration permission to configure the integration. Your Product Administrator can assign these permissions to you as a custom user type.

About this task

User role: Product Administrator

Procedure

  1. Go to Administration > Network Security Systems > QRadar Integration Settings.
  2. Select the integration checkbox.
    Note: The Existing Published Reports list displays any reports that have previously been published. If they are no longer necessary, you can remove them from the list for the next time you publish results to QRadar. You must have Publish to QRadar permissions for this task.
  3. Go to the Application Deployment Mapping page, edit the options to map the application test domain to the domain of the deployed application.
    Note:
    1. The application deployment mapping settings apply to all types of network security system integrations.
    2. The mapping is done on a one to many basis. For example, if there is a vulnerability on altoromutual.com, the application is deployed on five different machines, then you actually have five vulnerabilities, rather than one.

      mapping

      Application test location (host, pattern, or IP address) Application production location (IPv4 address)
      test1.altoromutual.com ServerIPv4Address1
      test1.altoromutual.com ServerIPv4Address2
      test1.altoromutual.com ServerIPv4Address3
      test1.altoromutual.com ServerIPv4Address4
      test1.altoromutual.com ServerIPv4Address5