IBM Security QRadar

 View Only

  • 1.  Need to help on Azure sentinel to IBM QRader

    Posted Wed June 23, 2021 01:44 PM
    Hi,

    I am struggling to understand the IBM QRader documentation on how to configure the Azure Event Hub and Azure Storage.
    Here are my queries.
    1. What is min requirement of IBM Qrader for Azure Event Hub? Is the basic plan enough? Does IBM QRader require Azure Event Hub to have a capture feature?
    https://azure.microsoft.com/en-us/pricing/details/event-hubs/

    2. What is min requirement of IBM Qrader for the Azure Storage account?  Azure Blob Storage?
    1. Create the Azure Blob storage and then obtain a Microsoft Azure Storage Account? Or I create the Azure Event Hub with the basic plan and then it will create the Azure storage account automatically?


    https://www.ibm.com/docs/en/dsm?topic=SS42VS_DSM/t_dsm_guide_microsoft_azure_enable_event_hubs.html

    https://www.ibm.com/docs/en/dsm?topic=protocol-microsoft-azure-event-hubs-faq#concept_qny_ywv_ljb__section_ex3_t1r_l4b

    ------------------------------
    IT Security
    ------------------------------


  • 2.  RE: Need to help on Azure sentinel to IBM QRader

    Posted Mon December 13, 2021 11:34 AM

    Not very familier with Azure's pricing model, but for event hub config and storage config:

    https://www.ibm.com/docs/en/dsm?topic=options-configuring-microsoft-azure-event-hubs-communicate-qradar

    Video tutorial by Jose Bravo ( I used this for quite a few integrations, it works!)

    https://www.youtube.com/watch?v=SylTklpn2ko



    ------------------------------
    Ashish Khandewale
    ------------------------------

    Original Message