Interpres Application - QRadar

  • Type: SIEM/Data Lake
  • Vendor: QRadar

This app integrates with QRadar to get Detections and Alerts.

Vendor setup

  1. Create an authorized service token.
  2. Add a role with permission to read rules and offenses.

App Configuration

App Parameters:

  • Base URL: The URL of the QRadar instance. This should be of the form 'https://<host>:<port>'.
  • Secret: An authorized services token.
  • Api Version: The version of the QRadar REST API to use, in the format XX.X. Defaults to 13.0.
  • Proxy: A valid proxy server and port. This should be of the form 'http[s]://<server>:<port>'.
  • Verify Server Cert: If enabled, Interpres will verify the SSL certificate of the QRadar server.

App Validation

Check that the integration you created shows connectivity (green light).

Implemented Actions

  • Get Detections: Gets Detections (QRadar Rules).

  • Get Alerts: Gets Alerts (QRadar Offenses), which are triggered rules that generate insights.
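
A pre-flight check for the parameters and permissions described above, as an added example (not Interpres or QRadar code): it validates the Base URL, Api Version and Proxy values, then probes the QRadar REST endpoints for rules and offenses with the token in the `SEC` header, so a 401/403 shows up before the app is configured. Assumptions: the function names, the regex reading of 'XX.X', and that the two actions map to `/api/analytics/rules` and `/api/siem/offenses`.

```python
import re, ssl, urllib.error, urllib.request
from urllib.parse import urlsplit

# Read-only endpoints assumed behind the two actions: rules (Detections), offenses (Alerts).
ENDPOINTS = {"rules": "/api/analytics/rules", "offenses": "/api/siem/offenses"}

def validate_config(base_url, api_version="13.0", proxy=None):
    """Return a list of problems with the app parameters (empty list means OK)."""
    problems = []
    base = urlsplit(base_url)
    if base.scheme != "https" or not base.hostname:
        problems.append("Base URL must be an https:// URL with a host")
    if not re.fullmatch(r"\d{1,2}\.\d", api_version):  # assumed reading of 'XX.X'
        problems.append("Api Version must look like XX.X, e.g. 13.0")
    if proxy:
        p = urlsplit(proxy)
        if p.scheme not in ("http", "https") or not p.hostname:
            problems.append("Proxy must be http[s]://<server>:<port>")
    return problems

def build_request(base_url, secret, endpoint, api_version="13.0"):
    """GET for one endpoint. The token travels in the SEC header; Range limits
    the reply to a single item so the probe stays cheap."""
    return urllib.request.Request(
        base_url.rstrip("/") + ENDPOINTS[endpoint],
        headers={"SEC": secret, "Version": api_version,
                 "Accept": "application/json", "Range": "items=0-0"})

def check_access(base_url, secret, api_version="13.0", proxy=None,
                 verify_cert=True, opener=None):
    """Probe both endpoints and return {endpoint: HTTP status}."""
    if opener is None:
        ctx = ssl.create_default_context()
        if not verify_cert:  # same effect as turning 'Verify Server Cert' off
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        handlers = [urllib.request.HTTPSHandler(context=ctx)]
        if proxy:
            handlers.append(urllib.request.ProxyHandler({"https": proxy}))
        opener = urllib.request.build_opener(*handlers)
    results = {}
    for name in ENDPOINTS:
        req = build_request(base_url, secret, name, api_version)
        try:
            with opener.open(req, timeout=10) as resp:
                results[name] = resp.status
        except urllib.error.HTTPError as exc:
            results[name] = exc.code  # 401/403: bad token or role lacks read access
    return results
```

A result of `{"rules": 200, "offenses": 200}` means the token's role can read both; any other status on one key points at the permission missing from the role.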