IBM Security QRadar

 View Only

General Availability - Grafana Plugin v1.0 for QRadar SIEM

By Prince Prakash posted Fri February 02, 2024 03:33 AM


Hi there, QRadar SIEM users! 

I have some exciting news to share with you today. Back in December, I teased an upcoming plugin for QRadar SIEM (Classic) users who may want to combine QRadar SIEM data with existing visualization tooling or explore more ways to visualize. I am happy to share that we have just released the IBM Security QRadar AQL Plugin for Grafana, providing more ways than ever to visualize your QRadar SIEM data in stunning dashboards! 

If you didn’t have the chance to check out my sneak peak blog, let’s do a quick recap: 

What is Grafana? 

If you are not familiar with Grafana, let me be the first to tell you why you should be! Grafana is a powerful visualization tool that lets you create beautiful dashboards and charts from almost any data source. Grafana is awesome because it: 

  • Supports hundreds of data sources, now including QRadar SIEM 

  • Allows you to customize your dashboards with rich features like variables, annotations, alerts, and more 

  • Enables you to share your dashboards with your team or the world, with fine-grained access control 

  • Has a vibrant community of users and developers who contribute plugins, dashboards, and tutorials 


But what does Grafana have to do with QRadar SIEM, you may ask? 

Well, what if I told you that you can use Grafana to visualize your QRadar data in new and amazing ways? Spoiler alert – that is exactly what I’m saying! Thanks to the new QRadar AQL Plugin for Grafana. 


The QRadar AQL Plugin for Grafana is a data source plugin that connects Grafana to your QRadar SIEM (Classic) instance and enables you to build visualizations using QRadar SIEM’s native AQL (Ariel Query Language). With the QRadar AQL Plugin, you can:  

  • Build custom visualizations from any QRadar SIEM (Classic) data, such as events, flows, offenses, assets, reference sets, and more 

  • Use Grafana macros to simplify and optimize your AQL queries 

  • Import sample dashboards that showcase the capabilities of the QRadar AQL Plugin 

  • Combine QRadar data with other data sources in Grafana to get a holistic view of your security posture 

By using the QRadar AQL Plugin, you can leverage the power of Grafana to create stunning visualizations of your QRadar data, such as charts, graphs, tables, gauges, and more. You can also combine your QRadar data with other data sources that Grafana supports, such as Prometheus, Elasticsearch, InfluxDB, and more. This way, you can get a holistic view of your security posture and gain deeper insights into your data. 

Okay Prince, that sounds cool – but is it easy to set up? 

Short answer – yep, sure is! All you need is: 

  • A Grafana instance (version 7.3 or later) 

  • A QRadar instance (version 7.4.1 or later) 

  • The QRadar AQL Plugin (available from the Grafana Plugin Catalog or the IBM App Exchange)  

Longer answer - you can find the pluging on the Grafana Plugin Catalog

or on the IBM Security X-Force App Exchange. 

Once you install the plugin, you can configure a data source that connects to your QRadar SIEM instance. Then, you can import some of the sample dashboards that we have included in the plugin, or create your own dashboards from scratch. You can use the dashboard panel query builder to write your AQL queries, or use the Grafana macros to simplify your syntax. You can also use the dashboard template variables to make your dashboards more dynamic and interactive. 

The QRadar AQL Plugin is a great way to enhance your QRadar experience and take your security analytics to the next level. We hope you enjoy using it as much as we enjoyed creating it. If you have any questions or feedback, please feel free to contact us at Happy dashboarding! 


Let’s get dashboarding 

I hope you’re as excited as I am about this new plugin. It’s a game-changer for QRadar SIEM users who want to leverage Grafana’s amazing visualization capabilities. I can’t wait to see what you create with it. Feel free to share your feedback, questions, and suggestions with me and the QRadar community.  

Happy dashboarding! 


And, if you want a head start – check out these upcoming webinars from Grafana!