Spotlight: IBM Security ReaQta EDR + QRadar SIEM integration

By Olga Hout posted Thu November 10, 2022 09:05 AM

Technology and automation are essential to ease and streamline the process of threat investigation and response. The type of tools in your security stack should be working for you and not against you.

With that said, we'd like to highlight our integration between IBM Security ReaQta and QRadar SIEM and how it differs from any other EDR and SIEM integration.


Why ReaQta and QRadar SIEM integration matters 

Technology integrations are essential for the cybersecurity industry, and IBM Security QRadar XDR offers many of them. In this post, let’s explore the capabilities our customers unlock by integrating our newest addition, the industry-leading endpoint detection and response product ReaQta, with IBM Security QRadar SIEM, a 13-time Gartner Magic Quadrant leader.

By integrating with an EDR, specifically IBM Security ReaQta, your SIEM logs are enriched in real-time with another source of telemetry to build thorough contexts around malicious activities. Additionally, this integration provides the ability to automatically call APIs to ReaQta and take quick corrective actions.

ReaQta and QRadar SIEM integration enables organizations to merge the strengths of their QRadar deployments (collecting, aggregating, analyzing and visualizing massive streams of log and flow data) with the detection, response and forensics capabilities of ReaQta.

 

Key highlights of this ReaQta Device Support Module (DSM) for QRadar SIEM are:

  • Build complete contexts: ReaQta’s AI engines automatically collect and group many events from across the endpoint ecosystem and consolidate them into a few high-fidelity alerts that are forwarded to QRadar. Together with the SIEM event logs, QRadar is able to build comprehensive threat contexts.

  • Visualize threat activity: Searches and queries for ReaQta telemetry data can be visualized automatically on the QRadar dashboards to show complete threat contexts. Instead of going through thousands of event logs, security teams can view threats and their activity across the network on one single screen.

  • Take effective action: Security teams can access insights and recommendations from QRadar SIEM to perform complex threat hunting and response from ReaQta.



Let's look at a sample of IBM QRadar SIEM log activity.

[Screenshot: IBM QRadar and ReaQta integration]

This picture shows a ransomware alert. We can view the payload that the API collected.



This screenshot shows the severity, the type of alert, and the quick remediation actions that can be taken. The DSM will populate the details, such as the severity, IPs, MAC addresses, username, and log source time.  
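To make the two mechanisms described above concrete (endpoint events consolidated into a few high-fidelity alerts, and a DSM surfacing severity, IP, MAC address, username and log source time for each one), here is an added illustration in Python. It is not IBM's DSM code and not ReaQta's schema: the raw event fields, the grouping rule, the severity mapping, the vendor/product names in the LEEF header and the use of `^` as the attribute delimiter are all assumptions made for this example. It renders one consolidated alert as a LEEF 2.0 line, the generic event format QRadar log sources use, and parses it back into the fields a SIEM would display.

```python
"""Added example (not IBM's or ReaQta's code): consolidate constructed endpoint
events into one alert per host, render it as a LEEF 2.0 event for a QRadar log
source, and parse that line back into the fields a DSM would surface."""
from collections import defaultdict
from datetime import datetime

# Constructed raw endpoint events; the schema is an assumption for illustration.
RAW_EVENTS = [
    {"host": "ws-17", "ip": "10.0.0.25", "mac": "00:11:22:33:44:55", "user": "jdoe",
     "ts": "2022-11-10T09:05:00Z", "kind": "process_start", "severity": "medium",
     "detail": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\update.exe"},
    {"host": "ws-17", "ip": "10.0.0.25", "mac": "00:11:22:33:44:55", "user": "jdoe",
     "ts": "2022-11-10T09:05:04Z", "kind": "mass_file_rename", "severity": "high",
     "detail": "312 files renamed to *.locked"},
    {"host": "ws-17", "ip": "10.0.0.25", "mac": "00:11:22:33:44:55", "user": "jdoe",
     "ts": "2022-11-10T09:05:05Z", "kind": "shadow_copy_delete", "severity": "high",
     "detail": "volume shadow copies removed"},
    {"host": "ws-03", "ip": "10.0.0.9", "mac": "00:11:22:33:44:66", "user": "asmith",
     "ts": "2022-11-10T09:06:10Z", "kind": "process_start", "severity": "low",
     "detail": "notepad.exe"},
]

# Assumed mapping from the EDR's severity labels to the LEEF 1-10 "sev" scale.
SEVERITY = {"low": 3, "medium": 5, "high": 8, "critical": 10}

# Illustrative classification rule: both behaviours together on one host -> ransomware.
RANSOMWARE_KINDS = {"mass_file_rename", "shadow_copy_delete"}

LEEF_DELIM = "^"  # assumed attribute delimiter, declared in the LEEF 2.0 header


def consolidate(events):
    """Group raw events by host into one alert each (assumed consolidation logic)."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev["host"]].append(ev)
    alerts = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])
        kinds = [e["kind"] for e in evs]
        first = evs[0]
        alerts.append({
            "host": host, "ip": first["ip"], "mac": first["mac"], "user": first["user"],
            "first_seen": first["ts"], "last_seen": evs[-1]["ts"],
            "kinds": kinds, "count": len(evs),
            "sev": max(SEVERITY[e["severity"]] for e in evs),
            "category": "ransomware" if RANSOMWARE_KINDS <= set(kinds) else "suspicious",
        })
    return alerts


def _hdr(value):
    # Pipe characters inside LEEF header fields are escaped with a backslash.
    return str(value).replace("|", "\\|")


def _attr(value):
    # The attribute delimiter must not appear inside a value; this example blanks it.
    return str(value).replace(LEEF_DELIM, " ")


def to_leef(alert):
    """Render one consolidated alert as a LEEF 2.0 line (vendor/product are placeholders)."""
    ts = datetime.fromisoformat(alert["first_seen"].replace("Z", "+00:00"))
    attrs = [
        ("devTime", ts.strftime("%b %d %Y %H:%M:%S")),
        ("devTimeFormat", "MMM dd yyyy HH:mm:ss"),
        ("sev", alert["sev"]),
        ("src", alert["ip"]),
        ("srcMAC", alert["mac"]),
        ("usrName", alert["user"]),
        ("cat", alert["category"]),
        ("eventCount", alert["count"]),
        ("behaviours", ",".join(alert["kinds"])),
    ]
    header = "|".join(["LEEF:2.0", _hdr("ExampleVendor"), _hdr("ExampleEDR"),
                       _hdr("1.0"), _hdr(alert["category"]), LEEF_DELIM]) + "|"
    return header + LEEF_DELIM.join(f"{k}={_attr(v)}" for k, v in attrs)


def parse_leef(line):
    """Split a LEEF 2.0 line into its header fields and a dict of attributes."""
    version, vendor, product, product_version, event_id, delim, body = line.split("|", 6)
    fields = {}
    for pair in body.split(delim):
        if pair:
            key, _, value = pair.partition("=")
            fields[key] = value
    return {"version": version, "vendor": vendor, "product": product,
            "productVersion": product_version, "eventId": event_id, "fields": fields}


if __name__ == "__main__":
    for alert in consolidate(RAW_EVENTS):
        line = to_leef(alert)
        print(line)
        print(parse_leef(line)["fields"])
```

The consolidation step is what turns three noisy endpoint events on `ws-17` into a single severity-8 "ransomware" alert, while the single low-severity event on `ws-03` stays a separate, low-priority record; the LEEF round trip shows the same severity, IP, MAC, user and device time fields arriving intact on the SIEM side.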


IBM Security QRadar SIEM clients can now ingest ReaQta alerts without any impact on their EPS count. For more information, please connect with an IBM representative or a business partner to learn about a complimentary increase in EPS capacity when you integrate with ReaQta.



To review the technical details of the ReaQta and QRadar SIEM integration, please read the DSM configuration guide.


IBM Security ReaQta offers a unique approach to endpoint security. It provides organizations across all industries with autonomous, real-time, and fully customizable endpoint security, minus the complexity. 

 

ReaQta and QRadar SIEM collectively empower organizations with unparalleled visibility through natively integrated workflows, enabling consistent proactive detection and response. Organizations can now opt for a defense system that unifies protect and detect capabilities to shield their business from high-impact cyber threats.


Please share your feedback with our team and reach out if you have any questions.

Cheers,
Olga Hout
Sr. Product Marketing Manager, IBM Security
