IBM Security SOAR

Expand all | Collapse all

Notification on IBM Resilient QRadar Integration fail-over

  • 1.  Notification on IBM Resilient QRadar Integration fail-over

    Posted Sun January 10, 2021 05:23 AM
    Hi Team,

    Do we have any feature or process for getting a notification to mailbox when the IBM Resilient QRadar Integration plugin configured on the Qradar end fails to push offenses from the Qradar end to the Resilient end automatically?


    ------------------------------
    Sandeep Kothapalli
    ------------------------------


  • 2.  RE: Notification on IBM Resilient QRadar Integration fail-over

    Posted Thu January 14, 2021 09:02 AM

    Sandeep,

    we wrote a python script that we just run on a server that alerts us about issues between resilient and QRadar. We found that if you have a high volume of things getting pushed to Resilient there is usually a couple missed.  


    Let me know and I can provide the code that I use. 


    I don't know of any built in notifications on either side. 



    ------------------------------
    Richard Giesige
    Security Engineer
    Oshkosh Corporation
    Oshkosh
    ------------------------------



  • 3.  RE: Notification on IBM Resilient QRadar Integration fail-over

    Posted Sun January 17, 2021 12:54 AM
    Hi Richard,

    Request you to help us with the piece of code used for knowing the issues between resilient and QRadar. 

    ------------------------------
    Sandeep Kothapalli
    ------------------------------



  • 4.  RE: Notification on IBM Resilient QRadar Integration fail-over

    Posted Mon January 18, 2021 09:29 PM
    Sandeep,

    I'll reply to your privately with the code that I wrote. Mine is a little intricate because we monitor ownership and some other things.

    Thanks,

    Rich

    ------------------------------
    Richard Giesige
    Security Engineer
    Oshkosh Corporation
    Oshkosh
    ------------------------------