In an age where cyber threats are widespread, it is important that organizations keep their data secure. The IBM QRadar SIEM enables SOC Analysts to accurately detect and prioritize threats across the enterprise and to accelerate security operations processes. IBM QRadar provides Security Engineers with an actionable threat management solution that draws on multiple sources, such as Intrusion Detection Systems (IDS), event logs and NetFlow, along with other network data.

This blog outlines Loginsoft’s expertise with IBM QRadar, demonstrated by developing a Right-Click Plug-in that searches for indicators such as IPs and domains dynamically over the customer’s API and presents the response data in an actionable interface.

IBM QRadar SIEM Integration

Loginsoft, a leading Cybersecurity Solutions provider and IBM Security partner, has integrated the syslogs of its customer’s product, a leading Threat Intel Gateway, into IBM QRadar. Our Security Engineers configured the syslog sources and built an extensive Dashboard whose UI matches the customer’s branding, as well as custom apps and Plug-ins using the QRadar SDK. All our integrations follow a highly scalable and fault-tolerant architecture.

Below is the sample dashboard with custom charts built on IBM QRadar.

QRadar Dashboard Bar Graphs

Leveraging QRadar Integration for Log Collection and Analytics

Loginsoft’s Security Analysts have developed a full range of custom apps. Among them:

  • Developed custom Right-click lookup Plug-ins to search for indicators such as IPs and domains dynamically over the customer’s API.
  • Built custom QID Mappings, tied to the DSM Editor, to extract fields, define custom properties, categorize events, and define new QID definitions.
  • Developed custom DSM configurations to detect the logs and assign field names to the raw data in them. Built Log Source Extensions (uDSM/LSX) to eliminate unknown and stored events.
  • Built an IP Lookup to pull/push data and to visualize and act upon it using public APIs, QRadar Ariel searches and other sources.
  • Created custom properties and offense rules to ensure automatic, real-time intelligent analysis of the collected security events and timely detection of suspicious activities.
  • Created event normalization and categorization by parsing raw events from disparate sources and presenting them in a human-readable format.
  • Collected and stored large volumes of data across network devices, business applications and databases.
  • Provided web proxy support and configurable options for integration with public APIs.
  • Determined and configured the log source connection to QRadar and added setup guidance in the App’s Configuration screen.
  • Enriched the details in the Offense report by injecting JavaScript and adding a fragment.

In turn, the customer received a fine-tuned system with improved log data quality, log synchronization, and properly configured correlation rules and log sources. The QRadar integration helps the customer create reports, schedule scans, and identify vulnerabilities in assets within a QRadar deployment.

The following sample image shows the IP Plugin Lookup page built on IBM QRadar.

QRadar IP-Plugin Lookup

How does QRadar Integration benefit SOC Analysts?

This integration helps analysts obtain IP enrichment and reporting inside QRadar automatically through the APIs, instead of manually monitoring different platforms. These integrations make lookups easy and increase adoption by analysts. IBM QRadar integration supports various types of deployments, making it suitable for different usage needs.

About Loginsoft:

For over 15 years, leading companies in Telecom, Cybersecurity, Healthcare, Finance, New Media and more have come to rely on Loginsoft as a trusted resource for technology talent. Whether Onsite, Offsite, or Offshore, we deliver.
