Actions for IBM QRadar
- Send Data to IBM QRadar. Sends a custom set of Lucidum data to IBM QRadar.
Use Cases
Below are the possible use cases for these actions:
- If you want to run Lucidum “headless”, you can send relevant data to IBM QRadar on a regular schedule.
- You can send normalized, enriched Lucidum data to IBM QRadar to be indexed, searched, and analyzed.
Prerequisites
To execute IBM QRadar actions, you must configure an IBM QRadar API connection beforehand. For details, see https://lucidum.io/docs/ibm-security-qradar/.
NOTE. The specified account should have read and write permissions.
Workflows
- Creating a new Configuration and a new Action
- Cloning an Existing Action
- Creating a new Action from the Location Results page
- Editing a Configuration
- Editing an Action
- Viewing Information about an Action
IBM QRadar Configuration
To create a configuration for IBM QRadar actions:
- Configuration Name. Identifier for the Configuration. This name will appear in the Lucidum Action Center.
- URL. The URL for the IBM QRadar Console. For example, http://ip_address/api.
- Username. User name for an IBM QRadar account with read and write access to the IBM QRadar API. For details, see https://www.ibm.com/docs/en/qradar-common?topic=api-endpoint-documentation-supported-versions#c_rest_api_getting_started.dita__title__5.
- Password. The password for the IBM QRadar account with read and write access to the IBM QRadar API. For details, see https://www.ibm.com/docs/en/qradar-common?topic=api-endpoint-documentation-supported-versions#c_rest_api_getting_started.dita__title__5.
- Max # of Records per Payload. The maximum number of records to send to IBM QRadar in each action. The default value is “50”.
Create a New Action
To create an action for IBM QRadar, contact Lucidum customer care.