What is IBM QRadar?
IBM Security QRadar is a threat detection and response suite that includes QRadar SIEM, QRadar SOAR, QRadar EDR, and QRadar Log Insights. Each product is embedded with enterprise-grade AI and automation. The portfolio uses a common user interface, shared insights, and connected workflows.
Why Should You Use the IBM QRadar Connector?
The IBM QRadar connector provides visibility into the assets and users in your environment. You can use this visibility to:
- ensure assets are managed per your security policies
- ingest assets and users and their relationships
How Does This Connector Work?
Lucidum executes read-only requests to the IBM QRadar REST API and ingests only metadata about IBM QRadar devices. Lucidum does not retrieve any data stored on your assets.
Configuring the Connector in Lucidum
Field | Description | Example |
---|---|---|
URL | The URL for the IBM QRadar API. | http://ip_address/api |
Username | User name for an IBM QRadar account with read access. | justynmutts |
Password | The password for the IBM QRadar account. | ************ |
Verify SSL | For future use. | N/A |
Source Documentation
Creating Credentials
Contact your Lucidum Sales Representative for help with creating credentials.
Required Permissions
Contact your Lucidum Sales Representative for help with permissions.
API Documentation
https://www.ibm.com/docs/en/qradar-common?topic=api-endpoint-documentation-supported-versions
https://ibmsecuritydocs.github.io/qradar_api_overview/
https://ibmsecuritydocs.github.io/qradar_api_17.0/
https://github.com/IBM/api-samples/blob/master/asset_model/01_GetAssets.py