IBM QRadar

Version: 1.3
Updated: Jul 11, 2023
IBM QRadar SIEM helps security teams detect, prioritize and respond to threats across the enterprise.
Actions
- Get Offense Closing Reasons (Enrichment) - Get the list of offense closing reasons.
- Search Into Events QRadar (Enrichment) - Search QRadar events.
- Get Offense (Enrichment) - Gather information on a specific offense.
- Search Reference Set (Enrichment) - Search a reference set for specific information.
- List Reference Sets (Enrichment) - List all available reference sets.
- Update Reference Set (Enrichment) - Update an existing reference set.
- Update Ticket (Notification) - Update an offense.
- Add Offense Note (Notification) - Add a note to a specific offense.
- Get Offenses Daemon (Daemon) - Automatically get new QRadar offenses.
- Remove Value From Reference Set (Notification) - Remove a value from the reference set.
- Update Reference Set V2 (Enrichment) - Update an existing reference set.
- Search Reference Sets V2 (Enrichment) - Search a reference set for specific information.
- List Reference Sets V2 (Enrichment) - List all available reference sets.
- Remove Value From Reference Set V2 (Notification) - Remove a value from the reference set.
- Get Offenses Daemon V2 (Daemon) - Automatically get new QRadar offenses.
- Search Into Events QRadar V2 (Enrichment) - Search QRadar events.
Configure IBM QRadar in Automation Service and Cloud SOAR
Before you can use the integration, you must configure it so that the vendor can communicate with Sumo Logic. For general guidance, see Configure Authentication for Integrations.
- Access App Central and install the integration.
- Select the installed integration in the Integrations page.
  - Classic UI. In the main Sumo Logic menu, select Automation and then select Integrations in the left nav bar.
  - New UI. In the main Sumo Logic menu, select Automation > Integrations. You can also click the Go To... menu at the top of the screen and select Integrations.
- Select the integration.
- Hover over the resource name and click the Edit button that appears.
- In the Add Resource dialog, enter the authentication needed by the resource. When done, click TEST to test the configuration, and click SAVE to save the configuration.
For information about IBM QRadar, see IBM QRadar documentation.
Change Log
- May 5, 2019 - First upload
- January 31, 2020 - New action added: Get Offense
- April 3, 2020 - New action added: Add Offense Note
- May 29, 2020 - Improvements
- March 22, 2021 - New Actions added
- June 3, 2021 - New Actions added
- March 8, 2022 - Description
- April 11, 2022 - Updated action:
  - Get Offenses Daemon V2 (New endpoint added to fetch offense Destination IPs)
- June 07, 2022 - Updated action:
  - Get Offenses Daemon V2
- July 11, 2023 (v1.3)
  - Updated the integration with Environmental Variables
  - Integration renamed from IBM QRadar OIF to IBM QRadar
  - Changed field visibility
  - Added new actions:
    - Search Into Events QRadar V3
    - Search Into Events QRadar V4