10.3.7
Yokohama, Xanadu, Washington DC, Vancouver Patch 4, Vancouver
IBM QRadar is an enterprise security information and event management (SIEM) product that integrates easily with Security Operations. The IBM QRadar Incident Enrichment integration searches your logs and adds relevant sighting information to your security incidents.
IBM QRadar Incident Enrichment integration is now available only on the ServiceNow® Store.
- The IBM QRadar - Incident Enrichment integration aids in the investigation of security incidents by querying the logs in your IBM QRadar deployment for potentially malicious indicators.
- The integration includes the ability to use IBM QRadar to run a Sighting Search on observables to determine the prevalence of a threat over time or to test remediation and eradication efforts. The search can specify one or more observables and a date range for the search.
Changed:
- Migration of Workflows to Flow Designer flows.
Before you can use the IBM QRadar - Incident Enrichment integration, you must install the app and add the appropriate API base URL and API key.