Version: 10.4.22
Compatible with: Zurich, Yokohama, Xanadu
IBM® QRadar® Security Information and Event Management (SIEM) helps security teams accurately detect and prioritize threats across the enterprise. It provides intelligent insights that enable teams to respond quickly to reduce the impact of incidents. The IBM QRadar Offense Ingestion integration allows you to automatically fetch IBM QRadar offenses, convert them into security incidents, and enable automated response actions.
This integration includes the following key features:
- Discovery of IBM QRadar offenses that are candidates for security incidents, with automated creation of the corresponding security incidents.
- Mapping of offense, event, and flow fields to security incident fields.
- Aggregation of similar offenses into existing open security incidents instead of creating duplicate security incidents.
- Validation of your mapping through a preview of the offense field values as they would appear in a security incident.
- Automatic offense status update on SIR incident creation and closure.
- Scheduled ingestion of offenses to create security incidents periodically.
- Retrieval of recent events or flows associated with an offense.
- Periodic tracking of key updates to offenses.
Fixed:
- Duplicate record creation in the Polling table for the same offense.
- An issue with an empty Integration Run column in the QRadar tables.
- The seven-day restriction on offense retrieval is removed; offenses from any past date can now be fetched.
- A date parsing issue during offense enrichment.
- Parsing errors observed in the debug logs.
- The HTTP 409 Conflict error returned when attempting to close an offense that is already closed is now handled.
Installation sequence:
- Install the com.glide.hub.integration.runtime and com.glide.hub.action_step.rest plugins first. If you do not have the privileges required to install them, raise a support ticket to have these plugins installed.
- After installing those plugins, install the Event and Alert Ingestion for Security Operations (com.snc.secops.event_ingestion) plugin, which depends on the Security Incident Response plugin and the Security Incident Response UI.