Authenticated Proxy for X-Force in QRadar

Author(s): László Czap, Péter Tusnády | Created: 28 May 2023 | Last modified: 28 May 2023
Tested on: -

Authenticated Proxy for X-Force in QRadar

When you want to enable X-Force updates through a proxy that requires basic authentication you need to follow the steps from this tech note:

If you are lucky, it works and you don't even notice that actually some calls are made to the QRadar Console from the QRadar Console through the proxy. Weird. If your proxy is more picky - as it was in our case, it does not allow this connection and you see that the feed update does not work. You must change two more config files to avoid this. Edit the files:


Both files contain URLs with "localhost" or the console's own IP address. Change these to point to the actual X-Force update and license servers respectively, which are:


The log files you want to check to see if X-Force updates work fine are: