Has anybody had success with getting QRadar to interact with APIs like ProofPoint TAP or Office ATP, and pull their respective logs back into QRadar?

------------------------------
Miguel Quinn
------------------------------

Not sure if it's relevant, we have used the McAfee JDBC connector to good effect and also have Crowdstrike logging via their API.  Seems to work OK. We have not set up Proofpoint TAP yet, but it's on our agenda.

------------------------------
_____________________
Daniel Sichel
------------------------------

Original Message:
Sent: Wed December 11, 2019 01:12 PM
From: Miguel Quinn
Subject: Interacting with Vendor APIs

Has anybody had success with getting QRadar to interact with APIs like ProofPoint TAP or Office ATP, and pull their respective logs back into QRadar?

------------------------------
Miguel Quinn
------------------------------

Thanks for the feedback Daniel! Do you have a rough timescale at all and do you know if anything is being done for Office 365 ATP?


------------------------------
Miguel Quinn
------------------------------

Original Message:
Sent: Thu December 12, 2019 12:34 PM
From: Daniel Sichel
Subject: Interacting with Vendor APIs

Not sure if it's relevant, we have used the McAfee JDBC connector to good effect and also have Crowdstrike logging via their API.  Seems to work OK. We have not set up Proofpoint TAP yet, but it's on our agenda.

------------------------------
_____________________
Daniel Sichel

Original Message:
Sent: Wed December 11, 2019 01:12 PM
From: Miguel Quinn
Subject: Interacting with Vendor APIs

Has anybody had success with getting QRadar to interact with APIs like ProofPoint TAP or Office ATP, and pull their respective logs back into QRadar?

------------------------------
Miguel Quinn
------------------------------

I am sorry to say I have no idea what the IBM roadmap is for this. Perhaps an IBM person monitoring this thread can shed some light on this for you.

------------------------------
_____________________
Daniel Sichel
------------------------------

Original Message:
Sent: Thu December 12, 2019 02:16 PM
From: Miguel Quinn
Subject: Interacting with Vendor APIs

Thanks for the feedback Daniel! Do you have a rough timescale at all and do you know if anything is being done for Office 365 ATP?


------------------------------
Miguel Quinn

Original Message:
Sent: Thu December 12, 2019 12:34 PM
From: Daniel Sichel
Subject: Interacting with Vendor APIs

Not sure if it's relevant, we have used the McAfee JDBC connector to good effect and also have Crowdstrike logging via their API.  Seems to work OK. We have not set up Proofpoint TAP yet, but it's on our agenda.

------------------------------
_____________________
Daniel Sichel

Original Message:
Sent: Wed December 11, 2019 01:12 PM
From: Miguel Quinn
Subject: Interacting with Vendor APIs

Has anybody had success with getting QRadar to interact with APIs like ProofPoint TAP or Office ATP, and pull their respective logs back into QRadar?

------------------------------
Miguel Quinn
------------------------------

Proofpoint recently built an app that integrates with QRadar that utilizes the API.   I pushed them very hard to build  it over the last year and finally got them and IBM to collaborate and get it built.  I don't believe it is GA yet...I have a copy via my Proofpoint rep but haven't been able to test yet because we haven't finished migrating to proofpoint managed services from our on-prem deployment.

------------------------------
AJ Reeves
------------------------------

Original Message:
Sent: Wed December 11, 2019 01:12 PM
From: Miguel Quinn
Subject: Interacting with Vendor APIs

Has anybody had success with getting QRadar to interact with APIs like ProofPoint TAP or Office ATP, and pull their respective logs back into QRadar?

------------------------------
Miguel Quinn
------------------------------