IBM Security QRadar SOAR

  • 1.  Best app to retrieve QRadar event

    Posted Tue August 23, 2022 04:06 PM
    Hi,
    There are two apps offering a function to allow retrieving events from QRadar:
    - QRadar Integration with the QRadar Search function
    - QRadar Enhanced Data Migration with the QRadar Top Events function

    Both use similar parameters.
    I was wondering if one is better than the other. 

    When I started developing our playbooks, I bet on the QRadar Enhanced Data Migration app because it somehow looked more "modern".  Now I have an incident opened because the function has stopped working for many days and I am considering replacing it with the one from the other app.

    Does anybody have any recommendations pertaining to these two apps?
    Thanks

    ------------------------------
    Pierre Dufresne
    ------------------------------


  • 2.  RE: Best app to retrieve QRadar event

    Posted Thu August 25, 2022 11:59 AM

    Hi Pierre,


    QRadar Enhanced Data Migration is a more recent app and provides a lot of additional info about the offense like events, flows, rules, source and destination IPs. It is also an out-of-the-box experience with minimal configuration required.

    Could you please share more on "the function has stopped working for many days"? Which version of the app are you using, and do you have any logs related to the failure?

    Thanks,

    Chaitanya



    ------------------------------
    Chaitanya Challa
    ------------------------------



  • 3.  RE: Best app to retrieve QRadar event

    Posted Mon August 29, 2022 09:12 AM
    Hi Chaitanya,
    Thanks for your reply.  I don't want to bother the community with my problem because I already have an open case for it.

    I was just wondering if both functions use the same method to access QRadar events and if one is better than the other.  Besides the fact that "QRadar Enhanced Data Migration is a more recent app and provides a lot of additional info about the offense like...", I guess it makes no difference using either of them to fetch the events in QRadar.


    ------------------------------
    Pierre Dufresne
    ------------------------------
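The question in the thread is whether the two functions reach QRadar events the same way. The following is an added example, not code from either app, from IBM, or from the posters: it assumes that an event lookup of this kind ends up as an AQL query submitted to QRadar's Ariel search REST API (create the search, poll its status, fetch the results), and it shows that three-step exchange directly so a lookup can be reproduced and debugged outside either app. The `FakeQRadar` transport, the search id `abc123`, the offense id 1234 and the returned event rows are all constructed for offline use; `qradar_transport` is the equivalent against a real console and is not exercised here.

```python
"""Ariel search lifecycle for a QRadar event lookup (added example; see lead-in)."""
import json
import time
import urllib.error
import urllib.parse
import urllib.request
from typing import Any, Callable, Dict, List, Tuple

# A transport takes (method, path, payload) and returns (http_status, decoded_json).
Transport = Callable[[str, str, Dict[str, Any]], Tuple[int, Dict[str, Any]]]

TERMINAL_FAILURE = {"ERROR", "CANCELED"}  # Ariel statuses that will never reach COMPLETED


class ArielSearchError(RuntimeError):
    """Raised when a search cannot be created, fails server-side, or never completes."""


class ArielClient:
    """Create an Ariel search, wait for it to complete, and return its event rows."""

    def __init__(self, transport: Transport, poll_interval: float = 0.0, max_polls: int = 60):
        self.transport = transport
        self.poll_interval = poll_interval
        self.max_polls = max_polls

    def search_events(self, aql: str) -> List[Dict[str, Any]]:
        # Step 1: submit the AQL; a successful create answers 201 with a search_id.
        status, body = self.transport("POST", "/api/ariel/searches", {"query_expression": aql})
        if status != 201:
            raise ArielSearchError(f"search not created: HTTP {status} {body}")
        search_id = body["search_id"]

        # Step 2: poll until COMPLETED, giving up on ERROR/CANCELED or after max_polls.
        state = None
        for _ in range(self.max_polls):
            status, body = self.transport("GET", f"/api/ariel/searches/{search_id}", {})
            if status != 200:
                raise ArielSearchError(f"status check failed: HTTP {status} {body}")
            state = body.get("status")
            if state == "COMPLETED":
                break
            if state in TERMINAL_FAILURE:
                raise ArielSearchError(f"search {search_id} ended in {state}: {body.get('error_messages')}")
            time.sleep(self.poll_interval)
        else:
            raise ArielSearchError(f"search {search_id} still {state!r} after {self.max_polls} polls")

        # Step 3: fetch the rows; an events query returns them under "events".
        status, body = self.transport("GET", f"/api/ariel/searches/{search_id}/results", {})
        if status != 200:
            raise ArielSearchError(f"results fetch failed: HTTP {status} {body}")
        return body.get("events", [])


def offense_events_aql(offense_id: int, limit: int = 50, window: str = "LAST 24 HOURS") -> str:
    """AQL scoped to one offense. offense_id and limit are cast to int before being
    interpolated so a tainted incident field cannot inject extra AQL."""
    return (
        "SELECT starttime, sourceip, destinationip, QIDNAME(qid) AS event_name "
        f"FROM events WHERE INOFFENSE({int(offense_id)}) "
        f"ORDER BY starttime DESC LIMIT {int(limit)} {window}"
    )


def qradar_transport(base_url: str, sec_token: str) -> Transport:
    """Transport for a real console, authenticating with the SEC token header.
    Ariel accepts query_expression as a URL query parameter on the POST."""
    def send(method: str, path: str, payload: Dict[str, Any]) -> Tuple[int, Dict[str, Any]]:
        url = base_url.rstrip("/") + path
        if method == "POST" and payload:
            url += "?" + urllib.parse.urlencode(payload)
        req = urllib.request.Request(url, method=method,
                                     headers={"SEC": sec_token, "Accept": "application/json"})
        try:
            with urllib.request.urlopen(req) as resp:  # default context verifies TLS
                return resp.status, json.load(resp)
        except urllib.error.HTTPError as err:
            return err.code, json.load(err)
    return send


class FakeQRadar:
    """Constructed stand-in for a console: reports EXECUTE for `busy_polls` status
    checks, then COMPLETED (or ERROR when fail=True). Records what it was asked."""

    def __init__(self, busy_polls: int = 2, fail: bool = False):
        self.busy_polls, self.fail, self.polls, self.last_query = busy_polls, fail, 0, None
        self.events = [  # constructed rows, not real QRadar data
            {"starttime": 1661276760000, "sourceip": "10.0.0.5", "destinationip": "10.0.0.20", "event_name": "Failed Login"},
            {"starttime": 1661276700000, "sourceip": "10.0.0.5", "destinationip": "10.0.0.20", "event_name": "Failed Login"},
        ]

    def __call__(self, method: str, path: str, payload: Dict[str, Any]) -> Tuple[int, Dict[str, Any]]:
        if method == "POST" and path == "/api/ariel/searches":
            self.last_query = payload["query_expression"]
            return 201, {"search_id": "abc123", "status": "WAIT"}
        if path == "/api/ariel/searches/abc123/results":
            return 200, {"events": self.events}
        if path == "/api/ariel/searches/abc123":
            self.polls += 1
            if self.fail:
                return 200, {"search_id": "abc123", "status": "ERROR",
                             "error_messages": [{"message": "constructed failure"}]}
            state = "EXECUTE" if self.polls <= self.busy_polls else "COMPLETED"
            return 200, {"search_id": "abc123", "status": state}
        return 404, {"message": f"unknown path {path}"}


if __name__ == "__main__":
    fake = FakeQRadar()
    for row in ArielClient(fake).search_events(offense_events_aql(1234)):
        print(row)
```

When a playbook function "stops working", running the same AQL through this client against the console (swap `FakeQRadar()` for `qradar_transport(...)`) separates a QRadar-side problem (search never leaves EXECUTE, or ends in ERROR with `error_messages`) from an app-side one, and a search id that never completes is caught by `max_polls` instead of hanging the playbook.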