IBM Security QRadar

 View Only

  • 1.  Qradar and Snowflake intergration

    Posted Fri September 28, 2018 01:08 AM
    Hello everyone,

    I have a problem with Snowflake and Qradar intergration. We have audit logs in Snowflake table and would like to pull data from table with JDBC or ODBC connector.

    Is it possible to install costum JDBC or ODBC driver which is not "out of the box" in Qradar log sources types for database connections?
    I found that this is possible for mySQL jdbc driver, but we would like to pull data from snowflake DWH and consequently would like to install snowflake jdbc or odbc driver by same way like mySQL JDBC driver.
    You can see driver on this link
    https://repo1.maven.org/maven2/net/snowflake/snowflake-jdbc/2.8.0/

    Can we do this on our qradar all in one appliance? Will it work on that way.

    Best regards, Miroslav

    ------------------------------
    Miroslav Matijević
    ------------------------------


  • 2.  RE: Qradar and Snowflake intergration

    Posted Thu January 28, 2021 05:12 PM
    Hi Miroslav,
    Did you found a solution connecting snowflake to qradar?


    Thanks,
    Galil

    ------------------------------
    Galil Bunfad
    ------------------------------

    Original Message


  • 3.  RE: Qradar and Snowflake intergration

    Posted Mon March 14, 2022 12:32 PM
    Hi Miroslav!,

    I hope you are fine. I writing because current we have a project in snowflake for security but We need conect this database to Qradar, Qualysis and different tools of monitoring.
    I read your last post and I want to ask,

    Was you do connect successfully to database snowflake?

    Which is the best way you consider for establishing the connection? by JDBC, ODBC or is not possibility to connect the database directly?

    Thanks for your answer, You have a nice day!
    Sincerely,
    Julia

    ------------------------------
    Julia Alejandra Hernandez Margalli
    ------------------------------

    Original Message


  • 4.  RE: Qradar and Snowflake intergration

    Posted Wed August 09, 2023 08:50 AM

    First of all, I apologize for the late reply. I simply didn't receive a notification from the forum. Yes, of course, I did the integration, but it was outside of the Qradar product. On a separate server, I made a connection to the database with a Python script and store the data in the file system. Then I use the Qradar product to pull this data into Qradar.



    ------------------------------
    Miroslav Matijević
    Information Security Engineer
    Petrol d.d
    Ljubljana
    ------------------------------

    Original Message


  • 5.  RE: Qradar and Snowflake intergration

    Posted Tue February 27, 2024 01:01 PM

    Nice job Miroslav.

    We are looking into Snowflake integration too.  I really hope to not need to go that route with custom middleware.



    ------------------------------
    Mitchell Fang
    ------------------------------

    Original Message


  • 6.  RE: Qradar and Snowflake intergration

    Posted Fri March 08, 2024 05:40 AM

    Hello Miroslav, 

    At present I do not believe this is possible,

    Though our development team are working on a Snowflake DSM/Protocol (JDBC) to be released this year.

    Regards



    ------------------------------
    Comghall Morgan
    QRadar Support Architect
    IBM
    ------------------------------

    Original Message


  • 7.  RE: Qradar and Snowflake intergration

    Posted Tue March 12, 2024 11:08 AM

    Comghall, it would be great if you could provide any reference to the new feature or capabilities to help facilitate Snowflake integration with Qradar?  Do you have any ETA on when this might be available?  Also, please confirm if it will support Qradar on Cloud.  Thank you, Kevin



    ------------------------------
    Kevin Bilello
    ------------------------------

    Original Message