IBM QRadar SOAR

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

View Only

Back to discussions

Expand all | Collapse all

Notification on IBM Resilient QRadar Integration fail-over

1. Notification on IBM Resilient QRadar Integration fail-over

Like
Sandeep Kothapalli
Posted Sun January 10, 2021 05:23 AM

Reply
Hi Team,

Do we have any feature or process for getting a notification to mailbox when the IBM Resilient QRadar Integration plugin configured on the Qradar end fails to push offenses from the Qradar end to the Resilient end automatically?

------------------------------
Sandeep Kothapalli
------------------------------
2. RE: Notification on IBM Resilient QRadar Integration fail-over

Like
Richard Giesige
Posted Thu January 14, 2021 09:02 AM

Reply
Sandeep,

we wrote a python script that we just run on a server that alerts us about issues between resilient and QRadar. We found that if you have a high volume of things getting pushed to Resilient there is usually a couple missed.

Let me know and I can provide the code that I use.

I don't know of any built in notifications on either side.

------------------------------
Richard Giesige
Security Engineer
Oshkosh Corporation
Oshkosh
------------------------------

Original Message
3. RE: Notification on IBM Resilient QRadar Integration fail-over

Like
Sandeep Kothapalli
Posted Sun January 17, 2021 12:54 AM

Reply
Hi Richard,

Request you to help us with the piece of code used for knowing the issues between resilient and QRadar.

------------------------------
Sandeep Kothapalli
------------------------------

Original Message
4. RE: Notification on IBM Resilient QRadar Integration fail-over

Like
Richard Giesige
Posted Mon January 18, 2021 09:29 PM

Reply
Sandeep,

I'll reply to your privately with the code that I wrote. Mine is a little intricate because we monitor ownership and some other things.

Thanks,

Rich

------------------------------
Richard Giesige
Security Engineer
Oshkosh Corporation
Oshkosh
------------------------------

Original Message

IBM QRadar SOAR

Notification on IBM Resilient QRadar Integration fail-over

Sandeep KothapalliSun January 10, 2021 05:23 AM

Richard GiesigeThu January 14, 2021 09:02 AM

Sandeep KothapalliSun January 17, 2021 12:54 AM

Richard GiesigeMon January 18, 2021 09:29 PM

1. Notification on IBM Resilient QRadar Integration fail-over

2. RE: Notification on IBM Resilient QRadar Integration fail-over

3. RE: Notification on IBM Resilient QRadar Integration fail-over

4. RE: Notification on IBM Resilient QRadar Integration fail-over

Additional
Resources

Office

Quick Links

IBM QRadar SOAR

Notification on IBM Resilient QRadar Integration fail-over

Sandeep KothapalliSun January 10, 2021 05:23 AM

Richard GiesigeThu January 14, 2021 09:02 AM

Sandeep KothapalliSun January 17, 2021 12:54 AM

Richard GiesigeMon January 18, 2021 09:29 PM

1. Notification on IBM Resilient QRadar Integration fail-over

2. RE: Notification on IBM Resilient QRadar Integration fail-over

3. RE: Notification on IBM Resilient QRadar Integration fail-over

4. RE: Notification on IBM Resilient QRadar Integration fail-over

Related Content

Resilient Systems QRadar Integration

CrowdStrike and IBM Security Integrations: Delivering End-to-End Process Threat Management with CrowdStrike’s Falcon Platform and IBM Security’s Resilient and QRadar

QRadar to Resilient integration

AQL for dealing with searching for logs with a different time field.

Qradar and Resilient Integration Error

Additional Resources

Office

Quick Links

Additional
Resources