10.4.14
Yokohama, Xanadu, Washington DC, Vancouver
IBM® QRadar® Security Information and Event Management (SIEM) helps security teams accurately detect and prioritize threats across the enterprise. It provides intelligent insights that enable teams to respond quickly to reduce the impact of incidents. The IBM QRadar Offense Ingestion integration allows you to automatically fetch IBM QRadar offenses, convert them into security incidents, and enable automated response actions.
This integration includes the following key features:
- Discover IBM QRadar offenses that are candidates for security incidents and automate the creation of security incidents.
- Map offense, event, and flow fields to security incident fields.
- Aggregate similar offenses into existing open security incidents instead of creating duplicate security incidents.
- Validate your mapping with a preview of the offense field values in a security incident.
- Update the offense status automatically when a SIR incident is created or closed.
- Set up scheduled ingestions of offenses to create security incidents periodically.
- Fetch recent events or flows associated with an offense.
- Track key updates to offenses periodically.
Fixed:
- Fixed an issue where the QRadar profile gets stuck in the running state when the system is restarted or shut down.
Installation sequence:
- Install the com.glide.hub.integration.runtime and com.glide.hub.action_step.rest plugins first. If you do not have the privileges needed to install them, raise a support ticket for the installation of these plugins.
- After installing those plugins, install the Event and Alert Ingestion for Security Operations (com.snc.secops.event_ingestion) plugin, which depends on the Security Incident Response plugin and the Security Incident Response UI.