IBM QRadar

  • 1.  QRadar data into PowerBi

    Posted Wed May 31, 2023 09:16 AM

    Hi All,

    Has anyone fed data from QRadar into MS Power BI to display a dashboard for executive eyes (clean and simple)? Is there any integration method?



    ------------------------------
    osama ahmed
    ------------------------------


  • 2.  RE: QRadar data into PowerBi

    Posted Fri June 02, 2023 12:48 PM

    Hi, there is no native way to do this but there are several workarounds using the API.

    The QRadar API allows you to extract offenses, log sources (quantity/status), domains, tenants, rules (Use Case Manager app) and, most importantly, perform searches based on AQL, which gives you the freedom to do whatever you like.

    To implement this you need an API token in Authorized Services.

    A possible flow would be something similar to this:

    Step 1: Define what information you need.
    Step 2: Determine how to extract them, example:
    a- If you need offenses you just have to go to /siem/offenses and you can also use filters like ?filter=status%3Dopen
    b- If you need to create a search you must enter the AQL in /ariel/searches and then get the results in /ariel/searches/id

    Step 3: Store the data in a database
    Step 4: Plot the data with PowerBi


    A few months ago I made this post where I explain the possibilities a bit more using Python, but unfortunately for privacy reasons I had to remove the script from GitHub. But the idea is there and I think it can guide you to achieve the purpose.

    https://community.ibm.com/community/user/security/discussion/python-script-to-save-offenses-to-csvdb-file-and-monitoring-for-new-ones-for-data-analytics#bma4308591-f4dd-4e7c-930e-f9f3cd592b27



    ------------------------------
    Carlos Medina
    ------------------------------
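
The extract-and-store flow from reply 2, as an added example that is not part of the thread and is not the script that was removed from GitHub. It assumes the API is served under `/api` on the console and that the authorized-service token is sent in the `SEC` header; the function names, the `QRADAR_TOKEN` variable and the responses in `FAKE` are constructed for illustration so the block runs offline.

```python
import json, os, sqlite3, time, urllib.parse, urllib.request

def make_call(base_url, token):
    # Real transport: returns call(method, path, params) bound to one console
    def call(method, path, params=None):
        url = f"{base_url}/api{path}?" + urllib.parse.urlencode(params or {})
        req = urllib.request.Request(url, method=method, headers={
            "SEC": token, "Accept": "application/json"})
        with urllib.request.urlopen(req, timeout=30) as resp:  # TLS verification stays on
            return json.load(resp)
    return call

def fetch_open_offenses(call):
    # Step 2a: /siem/offenses with the filter from the post, trimmed to dashboard fields
    return call("GET", "/siem/offenses", {"filter": "status=open",
                "fields": "id,description,severity,start_time"})

def run_aql(call, aql, poll_seconds=2, max_polls=30):
    # Step 2b: submit AQL to /ariel/searches, poll /ariel/searches/<id>, read the results
    sid = call("POST", "/ariel/searches", {"query_expression": aql})["search_id"]
    for _ in range(max_polls):
        status = call("GET", f"/ariel/searches/{sid}")["status"]
        if status == "COMPLETED":
            return call("GET", f"/ariel/searches/{sid}/results")["events"]
        if status in ("CANCELED", "ERROR"):
            raise RuntimeError(f"search {sid} ended with status {status}")
        time.sleep(poll_seconds)
    raise TimeoutError(f"search {sid} not finished after {max_polls} polls")

def store_offenses(db, offenses):
    # Step 3: upsert by offense id so repeated runs refresh rows instead of duplicating
    db.execute("CREATE TABLE IF NOT EXISTS offenses (id INTEGER PRIMARY KEY, "
               "description TEXT, severity INTEGER, start_time INTEGER)")
    db.executemany("INSERT OR REPLACE INTO offenses VALUES "
                   "(:id, :description, :severity, :start_time)", offenses)
    db.commit()
    return db.execute("SELECT COUNT(*) FROM offenses").fetchone()[0]

FAKE = {  # constructed responses standing in for a live console
    "/siem/offenses": [{"id": 7, "description": "Constructed offense",
                        "severity": 5, "start_time": 1685700000000}],
    "/ariel/searches": {"search_id": "s1", "status": "WAIT"},
    "/ariel/searches/s1": {"search_id": "s1", "status": "COMPLETED"},
    "/ariel/searches/s1/results": {"events": [{"sourceip": "192.0.2.10", "n": 3}]}}

def fake_call(method, path, params=None):
    return FAKE[path]

if __name__ == "__main__":
    # Live use (assumed names): make_call("https://<console>", os.environ["QRADAR_TOKEN"])
    db = sqlite3.connect(":memory:")  # use a file path so Power BI can read it (Step 4)
    print(store_offenses(db, fetch_open_offenses(fake_call)), run_aql(fake_call, "SELECT 1", 0))
```

Keeping the token in an environment variable or secret store rather than in the script, and giving the authorized service only the read permissions the dashboard needs, limits what a leaked export job can expose.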



  • 3.  RE: QRadar data into PowerBi

    Posted Fri June 02, 2023 01:35 PM

    Hi Carlos,


    Thanks for your response.



    ------------------------------
    osama ahmed
    ------------------------------



  • 4.  RE: QRadar data into PowerBi

    Posted Mon June 05, 2023 03:56 AM

    Not sure if you've seen this already and if it could help - quite a while ago an example of how to use AQL and pull the data from QRadar into an Excel workbook was posted on GitHub < https://github.com/ibm-security-intelligence/visualizations/tree/master/excel >



    ------------------------------
    Dusan VIDOVIC
    ------------------------------



  • 5.  RE: QRadar data into PowerBi

    Posted Mon June 05, 2023 07:30 AM

    Hi Dusan,


    Thanks for your response.

    I saw this Excel and configured it with my QRadar but it didn't give me any results. Have you used it before?



    ------------------------------
    osama ahmed
    ------------------------------



  • 6.  RE: QRadar data into PowerBi

    Posted Mon June 05, 2023 09:29 AM

    I tried it in my lab (though quite some time ago) and it worked.



    ------------------------------
    Dusan VIDOVIC
    ------------------------------



  • 7.  RE: QRadar data into PowerBi

    Posted Tue June 06, 2023 04:28 AM

    OK, I'll try it again.

    Thanks



    ------------------------------
    osama ahmed
    ------------------------------



  • 8.  RE: QRadar data into PowerBi

    Posted Mon June 05, 2023 07:27 AM

    Anybody able to resolve the issue yet? Eagerly waiting for a proper reply for guidance to one of my abroad portals.



    ------------------------------
    Sunny Sharma
    ------------------------------