IBM QRadar

  • 1.  QRadar Data Lake

    Posted Thu November 03, 2022 01:10 PM
    [Attachment: Diagram]

    Hello,

    We have a QRadar structure, with some EC's and DLC's sending to a QRadar Console. However, we have a lot of logs from various log sources that are being sent to QRadar that we don't need for Use Cases. They are just being stored for searches etc. With that, we want to keep receiving those logs that we don't need, but before they reach the QRadar Console we want to filter them in order to have just the ones we need for use cases being sent to the QRadar Console for correlation.

    In case we need the others we would need to access the Data Lake and search for them.

    What we need here is a Data Lake solution where all the logs pass through it and stay stored in it, but the ones that are needed for use cases are sent to the QRadar Console. I attached a diagram so that you can have an idea of what we need.

    Is there any viable Data Lake solution to introduce in the middle of the current structure?

    Is there a solution to accomplish this goal, like something from IBM or any partner?

    Is there any other way to implement this kind of solution without using the log-only feature?

    Forwarding the logs to the data lake from the QRadar is not a solution for us also. We have to receive the logs on QRadar already filtered.

    If it's not possible to set a Data Lake solution between QRadar and the EC's/DLC's, is there any other way to do it? Or something similar?

    Can anyone help us with this situation?

    Thank you very much.



    ------------------------------
    Gonçalo Barbosa
    ------------------------------
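The post describes a two-tier routing pattern: every event lands in an archive tier, and only the use-case subset is forwarded to the SIEM for correlation. The following is an added illustration, not code from the original post, from IBM, or from any QRadar component. It assumes RFC 3164-style syslog lines, an in-memory archive standing in for the data lake, and a hypothetical rule set (a list of use-case log source tags plus a severity threshold); the sample log lines are constructed for the example.

```python
import re
from dataclasses import dataclass

# RFC 3164-style header: <PRI>Mon dd hh:mm:ss host tag[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$"
)


@dataclass
class Event:
    facility: int
    severity: int   # 0 (emergency) .. 7 (debug); lower is worse
    host: str
    tag: str
    message: str


def parse_syslog(line):
    """Parse an RFC 3164-style line; return None if it does not match."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # PRI = facility*8 + severity; 23*8 + 7 = 191 is the maximum
        return None
    return Event(pri // 8, pri % 8, m.group("host"), m.group("tag"), m.group("msg"))


class Router:
    """Archive every line (lake tier); forward only what the rules select (SIEM tier)."""

    def __init__(self, use_case_tags, max_severity=3, forward_unparsed=True):
        self.use_case_tags = set(use_case_tags)   # hypothetical use-case sources
        self.max_severity = max_severity          # forward anything this severe or worse
        self.forward_unparsed = forward_unparsed  # fail open: unknown formats reach the SIEM
        self.archive = []     # everything, in arrival order
        self.forwarded = []   # (line, reason) pairs handed to the SIEM

    def decide(self, line):
        """Return the reason a line is forwarded, or None to keep it archive-only."""
        ev = parse_syslog(line)
        if ev is None:
            return "unparsed line (fail-open)" if self.forward_unparsed else None
        if ev.tag in self.use_case_tags:
            return f"use-case source {ev.tag}"
        if ev.severity <= self.max_severity:
            return f"severity {ev.severity} from {ev.tag}"
        return None

    def route(self, line):
        self.archive.append(line)         # the lake always keeps the raw line
        reason = self.decide(line)
        if reason is not None:
            self.forwarded.append((line, reason))
        return reason


# Constructed sample input (not real log data).
SAMPLE_LINES = [
    "<38>Nov  3 13:10:01 web01 sshd[1001]: Failed password for invalid user admin from 198.51.100.23 port 5222 ssh2",
    "<30>Nov  3 13:10:02 web01 dhcpd[220]: DHCPACK on 10.0.0.15 to aa:bb:cc:dd:ee:ff via eth0",
    "<85>Nov  3 13:10:03 db01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; COMMAND=/usr/bin/systemctl restart postgresql",
    "<27>Nov  3 13:10:04 db01 postgres[412]: FATAL: could not open file base/16384/2601",
    "<134>Nov  3 13:10:05 lb01 haproxy[99]: 10.0.0.5:4123 [03/Nov/2022:13:10:05.001] http-in web/web01 0/0/1/3/4 200",
    "this line is not syslog at all",
]


def run_sample(forward_unparsed=True):
    """Route the sample lines through a router with a hypothetical rule set."""
    router = Router(use_case_tags={"sshd", "sudo"}, forward_unparsed=forward_unparsed)
    for line in SAMPLE_LINES:
        router.route(line)
    return router


if __name__ == "__main__":
    r = run_sample()
    print(f"archived {len(r.archive)} lines, forwarded {len(r.forwarded)}")
    for line, reason in r.forwarded:
        print(f"  [{reason}] {line[:60]}")
```

With this rule set the sshd and sudo events are forwarded because of their source, the postgres FATAL line because of its severity, and the dhcpd and haproxy lines stay in the archive only. The unparsable line is forwarded by default: a filter that silently discards what it cannot parse creates a blind spot in the SIEM, so the safer default is to let unknown formats through and tune the rules once they are understood.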


  • 2.  RE: QRadar Data Lake

    Posted Mon November 07, 2022 09:10 AM
    See my answer above

    ------------------------------
    [Karl] [Jaeger] [Business Partner]
    [QRadar Specialist]
    [pro4bizz]
    [Karlsruhe] [Germany]
    [4972190981722]
    ------------------------------