IBM QRadar

  • 1.  How I can add data from ELK to QRadar via API

    Posted Mon June 07, 2021 05:23 PM

    I have ELK SIEM and QRadar SIEM with some network.



    #QRadar
    #Support
    #SupportMigration


  • 2.  RE: How I can add data from ELK to QRadar via API

    Posted Tue June 08, 2021 11:05 AM

    What kind of data are you planning to add to QRadar from ELK via API? This isn't clearly described in the question.

    But if you are planning to forward event logs from ELK to QRadar, then you can do so using Logstash to QRadar over syslog.



    #QRadar
    #Support
    #SupportMigration
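
A Logstash pipeline for the syslog forwarding path suggested in the reply above, as an added example that is not part of the original thread. Host names, the alert index and the alert field names are placeholders or assumptions; the `syslog` output plugin is installed with `bin/logstash-plugin` if it is not already present, and the forwarded records arrive in QRadar as events.

```logstash
# Added example: poll alert documents from Elasticsearch and forward each one
# to QRadar as an RFC 5424 syslog record. Hosts, index and fields are assumed.
input {
  elasticsearch {
    hosts    => ["https://elasticsearch.example.internal:9200"]  # placeholder
    index    => "ALERT_INDEX_PLACEHOLDER"                         # your alert index
    # Runs every minute and pulls alerts from the last minute; documents on
    # the window boundary can be fetched twice or missed.
    query    => '{ "query": { "range": { "@timestamp": { "gte": "now-1m" } } } }'
    schedule => "* * * * *"
  }
}

filter {
  mutate {
    # Flatten the alert into one key=value line (field names are assumed).
    add_field => {
      "syslog_message" => "rule=%{[rule][name]} severity=%{[rule][severity]} host=%{[host][name]}"
    }
  }
  # Separate mutate block: add_field is applied after gsub within one block.
  mutate {
    # Strip CR/LF so a field value containing line breaks cannot split one
    # alert into several syslog records on the QRadar side.
    gsub => ["syslog_message", "[\r\n]+", " "]
  }
}

output {
  syslog {
    host     => "qradar.example.internal"   # placeholder: QRadar event collector
    port     => 514
    protocol => "tcp"
    rfc      => "rfc5424"
    facility => "security/authorization"
    severity => "warning"
    appname  => "elk-alert"
    message  => "%{syslog_message}"
  }
}
```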


  • 3.  RE: How I can add data from ELK to QRadar via API

    Posted Tue June 08, 2021 01:21 PM

    Thank you, Support Member.

    I want to send the ELK alerts to QRadar,

    and QRadar to recognize them as alerts, not as events.



    #QRadar
    #Support
    #SupportMigration


  • 4.  RE: How I can add data from ELK to QRadar via API

    Posted Wed June 09, 2021 09:05 AM

    OK. QRadar doesn't allow you to create an offense (for ELK, it could be an alert) directly via the API.

    The offense API was in fact introduced in the latest version (16) of the QRadar API. You can check the available options here.

    https://www.ibm.com/docs/en/qsip/7.4?topic=160-siem-endpoints

    IBM® QRadar® 7.4.3 introduces version 16.0 of the API endpoints.



    #QRadar
    #Support
    #SupportMigration