What is IBM QRadar? #
IBM Security QRadar is a threat detection and response suite that includes QRadar SIEM, QRadar SOAR, QRadar EDR, and QRadar Log Insights. Each product is embedded with enterprise-grade AI and automation. The portfolio uses a common user interface, shared insights, and connected workflows.
Why Should You Use the IBM QRadar Connector? #
The IBM QRadar connector provides visibility into the assets and users in your environment. You can use this visibility to:
-
ensure assets are managed per your security policies
-
ensure assets are managed per your security policies
-
ingest assets and users and their relationships
How Does This Connector Work? #
Lucidum executes read-only requests to the IBM QRadar REST API and ingests only meta-data about IBM QRadar devices. Lucidum does not retrieve any data stored on your assets.
Configuring the Connector in Lucidum #
|
Field |
Description |
Example |
|---|---|---|
|
URL |
The URL for the IBM QRadar API. |
http://ip_address/api |
|
Username |
User name for an IBM QRadar account with read access. |
 justynmutts |
|
Password |
The password for the IBM QRadar account. |
 ************ |
|
Verify SSL. |
For future use. |
N/A |
Source Documentation #
Creating Credentials #
Contact your Lucidum Sales Representative for help with creating credentials.
Required Permissions #
Contact your Lucidum Sales Representative for help with permissions.
API Documentation #
https://www.ibm.com/docs/en/qradar-common?topic=api-endpoint-documentation-supported-versions
https://ibmsecuritydocs.github.io/qradar_api_overview/
https://ibmsecuritydocs.github.io/qradar_api_17.0/
https://github.com/IBM/api-samples/blob/master/asset_model/01_GetAssets.py
