10.7.3
Australia, Zurich, Yokohama, Xanadu
Integration
IBM® QRadar® Security Information and Event Management (SIEM) helps security teams accurately detect and prioritize threats across the enterprise. It provides intelligent insights that enable teams to respond quickly to reduce the impact of incidents. The IBM QRadar Offense Ingestion integration allows you to automatically fetch IBM QRadar offenses, convert them into security incidents, and enable automated response actions.
This integration includes the following key features:
- Discovery of IBM QRadar offenses that are candidates for security incidents, and automated creation of security incidents from them.
- Mapping of offense, event, and flow fields to security incident fields.
- Aggregating similar offenses to existing open security incidents instead of creating duplicate security incidents.
- Validate your mapping with a preview of the offense field values in a security incident.
- Automatic offense status update for SIR incident creation and closure.
- Set up scheduled ingestions of offenses to create security incidents periodically.
- Fetch recent events or flows associated with an offense.
- Track key updates to offenses periodically.
Fixed:
- SIR creation issue that occurred when secure notes were mapped.
- Preview section now displays event data correctly.
Installation sequence:
- Install the com.glide.hub.integration.runtime and com.glide.hub.action_step.rest plugins first. If you do not have the privileges needed to install these plugins, raise a support ticket to have them installed.
- After installing those plugins, install the Event and Alert Ingestion for Security Operations (com.snc.secops.event_ingestion) plugin, which depends on the Security Incident Response plugin and the Security Incident Response UI.
- IBM QRadar version required: 7.3.2.5 or higher.
- API version: 10 or higher.
- If the IBM QRadar server is deployed within the corporate network, the integration requires an installed and configured MID Server in your Now Platform instance to connect to the IBM QRadar service. The MID Server is not required if you are using the IBM QRadar Cloud.