IBM Security QRadar

What is IBM QRadar? #

IBM Security QRadar is a threat detection and response suite that includes QRadar SIEM, QRadar SOAR, QRadar EDR, and QRadar Log Insights. Each product is embedded with enterprise-grade AI and automation. The portfolio uses a common user interface, shared insights, and connected workflows.

Why Should You Use the IBM QRadar Connector? #

The IBM QRadar connector provides visibility into the assets and users in your environment. You can use this visibility to:

  • ensure assets are managed per your security policies

  • ensure assets are managed per your security policies

  • ingest assets and users and their relationships

How Does This Connector Work? #

Lucidum executes read-only requests to the IBM QRadar REST API and ingests only meta-data about IBM QRadar devices. Lucidum does not retrieve any data stored on your assets.

Configuring the Connector in Lucidum #

Field

Description

Example

URL

The URL for the IBM QRadar API.

http://ip_address/api

Username

User name for an IBM QRadar account with read access.

 justynmutts

Password

The password for the IBM QRadar account.

 ************

Verify SSL.

For future use.

N/A

Source Documentation #

Creating Credentials #

Contact your Lucidum Sales Representative for help with creating credentials.

Required Permissions #

Contact your Lucidum Sales Representative for help with permissions.

API Documentation #

https://www.ibm.com/docs/en/qradar-common?topic=api-endpoint-documentation-supported-versions

https://ibmsecuritydocs.github.io/qradar_api_overview/

https://ibmsecuritydocs.github.io/qradar_api_17.0/

https://github.com/IBM/api-samples/blob/master/asset_model/01_GetAssets.py