IBM QRadar


SIEM Qradar Community Edition - Integration with Open Source Ticketing System

  • 1.  SIEM Qradar Community Edition - Integration with Open Source Ticketing System

    Posted Tue August 08, 2023 12:57 AM

    Hello my friends,

    I would like to know if it is possible to integrate QRadar CE with an Open Source ticketing software like ServiceNow so that I can pass my offenses on as incidents to resolve.

    If this is possible, can you help me by giving some names of such software that I can integrate with QRadar CE, or maybe I have to install a plugin from the IBM X-Force App Exchange to connect to this open source ticketing system?

    #Ticketing

    #QRadar-SIEM

    Thanks in advance.

    Best Regards.

    Henry.



    ------------------------------
    Henry Alonso Valdivia Barba
    ------------------------------


  • 2.  RE: SIEM Qradar Community Edition - Integration with Open Source Ticketing System

    IBM Champion
    Posted Wed August 09, 2023 04:51 AM

    Henry,

    Valdivia,

    ServiceNow of course is commercial, just to clarify that for other readers of this discussion. You are looking for something similar to that. We have had good experience using OTRS, which is traditional open source and offers a community edition just like QRadar. As with most open source products now, they are offering a Pro version as well, but for base functions you should be fine using the CE. Details at https://otrs.com/de/otrs-software-loesungen/otrs/otrs-community-edition/

    The easiest way to integrate with QRadar is via an email policy rule. Just look for the standard rule using email response, there is just one. Modify it to your needs. This rule opens a new ticket in your ticketing system, in this case OTRS. We are using the 4me cloud service the same way, which is a service with an excellent price/performance ratio. You don't need any plugin. However, this form of loose integration requires you to close your offenses manually, and there is no feedback from your ticketing system other than email, where you have to copy/paste your offense close reason. Based on the API, you could automate that, but this requires some programming background.

    BTW, if you are looking for better SOAR functions like automated playbooks, look at LogInsights and the new IBM Security QRadar Suite being announced later this year.

    BR Karl



    ------------------------------
    [Karl] [Jaeger] [Business Partner]
    [QRadar Specialist]
    [pro4bizz]
    [Karlsruhe] [Germany]
    [4972190981722]
    ------------------------------
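
The API-based feedback mentioned in the reply above (closing the offense and copying the close reason back from the ticket) could look like the following. This is an added example, not code from the thread or from IBM. The console address, the token, the ticket record layout and the closing reason ID are assumptions; the offense fields and the `/api/siem/offenses` endpoints are QRadar's REST API.

```python
import urllib.parse
import urllib.request

QRADAR = "https://qradar.example.test"           # assumed console address (placeholder)
TOKEN = "REPLACE-WITH-AUTHORIZED-SERVICE-TOKEN"  # placeholder; load a real one from a secret store

# Constructed sample data: offenses as returned by GET /api/siem/offenses, and
# tickets from a hypothetical ticketing system that stores the offense id.
OFFENSES = [
    {"id": 101, "status": "OPEN", "severity": 7, "description": "Multiple login failures"},
    {"id": 102, "status": "OPEN", "severity": 3, "description": "Port scan detected"},
    {"id": 103, "status": "CLOSED", "severity": 5, "description": "Malware beacon"},
]
TICKETS = [
    {"offense_id": 101, "state": "closed", "resolution": "False positive, test account"},
    {"offense_id": 102, "state": "open", "resolution": ""},
    {"offense_id": 103, "state": "closed", "resolution": "Host reimaged"},
]

def _post(path, params):
    """Build (not send) an authenticated QRadar POST; parameters travel in the query string."""
    url = f"{QRADAR}/api/siem/{path}?{urllib.parse.urlencode(params)}"
    return urllib.request.Request(url, method="POST",
                                  headers={"SEC": TOKEN, "Accept": "application/json"})

def plan_feedback(offenses, tickets, closing_reason_id):
    """Return the requests that copy each closed ticket's resolution back to QRadar."""
    still_open = {o["id"] for o in offenses if o["status"] == "OPEN"}
    requests = []
    for t in tickets:
        if t["state"] != "closed" or t["offense_id"] not in still_open:
            continue  # ticket still in progress, or offense already closed
        oid = t["offense_id"]
        # Store the analyst's reason as a note first so it stays with the offense.
        requests.append(_post(f"offenses/{oid}/notes", {"note_text": t["resolution"]}))
        requests.append(_post(f"offenses/{oid}",
                              {"status": "CLOSED", "closing_reason_id": closing_reason_id}))
    return requests

if __name__ == "__main__":
    # closing_reason_id=2 is an assumed value; list the real ones with
    # GET /api/siem/offense_closing_reasons on your own console.
    for req in plan_feedback(OFFENSES, TICKETS, closing_reason_id=2):
        print(req.get_method(), req.full_url)
        # urllib.request.urlopen(req) would send it; keep TLS verification enabled.
```

Use an authorized service token whose role is limited to offense management, since anything holding it can close offenses.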



  • 3.  RE: SIEM Qradar Community Edition - Integration with Open Source Ticketing System

    Posted Thu October 05, 2023 03:16 AM
    Edited by Alex Ahsras Thu October 05, 2023 03:16 AM

    Hey Henry,

    Great to see you're looking to enhance your Qradar CE setup by integrating it with an Open Source ticketing system like ServiceNow. It's definitely possible and can greatly streamline your incident resolution process.

    One excellent option for integration is using a middleware application like Zapier or Integromat, which can bridge the gap between Qradar CE and ServiceNow. These platforms allow you to create custom workflows and automate the transfer of offenses to incidents seamlessly. This way, you won't need to install additional plugins from IBM Xforce App Exchange.

    If you are interested in exploring even more tailored options or need professional assistance with the integration, consider reaching out to Andersen.

    I've personally used Zapier for a similar integration, and it worked like a charm. It's user-friendly and offers a wide range of integrations beyond just Qradar and ServiceNow.

    Remember to set up the necessary triggers and actions within the middleware, and you'll be well on your way to a more efficient incident resolution process.



    ------------------------------
    Alex Ahsras
    ------------------------------