IBM Security QRadar Premier Apps: IBM QRadar Integration with 3rd party Configuration Management Databases
A security analyst working on offenses acts under immense time pressure and requires precise information. There is simply no spare time for unclear information and unnecessary search investigations.
However, accessing all the information about an IT asset, such as location, computer type and owner, can be difficult as it resides in 3rd party tools, leaving Analysts with an unclear picture of a threat. The process of enriching and consolidating the QRadar Assets DB with contextual data available in the Configuration Management DB (CMDB) such as Service New and Maximo, is often a manual process.
With the IBM Security QRadar CMDB Integration Application, a Premier App from IBM Technology Expert Labs – Security, we can provide a complete, accurate and reliable import of information about IT assets from CMDB sources and integrate this data with the QRadar Asset DB repository providing:
• A timely and comprehensive set of asset data in QRadar
• Contextual information about assets
• Consolidation of assets with multiple interfaces
• Elimination of duplicate entries in QRadar assets
• Automatic import of data allowing creation of new assets
• Flexible mapping of data between CMDB and QRadar assets properties
• Bi-directional data integration providing context data to both QRadar and the CMDB system
With this user-friendly, packaged and tested app, derived from successful real-life projects, you can enrich and consolidate your QRadar Assets DB with contextual data available in your Configuration Management DB (CMDB) systems (including BMC, ServiceNow and others) and increase the quality of QRadar security monitoring. Using the and extended IT asset information you can:
• set “weight” of the asset, used in offense magnitude calculation
• add contextual information about the asset
• merge assets, previously identified by QRadar as separate systems, while they represent one host with many IPs
Today, the "IBM Security QRadar Integration with Configuration Management Database” is available in Version 3.7.0, it is based on QRadar SIEM Framework 3.0 and works best with IBM QRadar V7.5 UP5+.
For any inquiries, contact IBM Technology Expert Labs Security via tels.apps@ibm.com today or visit the IBM App Exchange (https://exchange.xforce.ibmcloud.com/hub?of=O8) to express interest.