QRadar UBA PIP
When we add or modify IBM Security QRadar User Behavior Analytics (UBA) policy information point (PIP), we configure a connection to the QRadar UBA web service API.
Connection properties
QRadar deployments are configured for TLS v1.2 connections.
- Name
- Identifies the policy information point instance. Use urn:ibm:security:qradar:uba to ensure the QRadar UBA attribute used in the access policy cause the PIP to be called.
- Description
- Describes the policy information point. (Optional)
- Type
- Policy information point type, which is QRadar User Behavior Analytics. (Read only)
- URL
- URL of the QRadar Console Hostname/IP address. For example: https://console.qradar.com
- Application ID
- Application ID of QRadar User Behavior Analytics application. For example: 1234
- SEC Token
- Specifies the QRadar User Behavior Analytics security token as configured by QRadar admin. For example: 912feaf8-fdab-476f-a2a7-a618756c46fd
- Polling Interval
- Time interval, in minutes, when the QRadar UBA server will be polled for risk scores for the users. Default: 2 minutes
- Certificate Database
- If HTTPS is used on the URL, specify the key database for the server SSL certificate. For example, rt_profile_keys. For information about importing SSL certificates to the IBM Security Verify Access data store, see Manage SSL certificates.
Parent topic: Policy information points