QRadar Exploration

IBM® QRadar® Security Information and Event Management (SIEM) helps security teams accurately detect and prioritize threats across the enterprise, and it provides intelligent insights that enable teams to respond quickly and reduce the impact of incidents. By consolidating log events and network flow data from thousands of devices, endpoints and applications distributed throughout your network, QRadar correlates this disparate information and aggregates related events into single alerts to accelerate incident analysis and remediation. QRadar SIEM is available on premises and in a cloud environment.

IBM QRadar offers intelligent security analytics for insight into your most critical threats.

  • Comprehensive visibility - Gain centralized insight into logs, flows and events across on-premises, SaaS and IaaS environments
  • Eliminate manual tasks - Centrally see all events related to a particular threat in one place to eliminate manual tracking processes and enable analysts to focus on investigation and response
  • Real-time threat detection - Leverage out-of-the-box analytics that automatically analyze logs and network flows to detect threats and generate prioritized alerts as attacks progress through the kill chain
  • Easily manage compliance - Comply with internal organizational policies and external regulations by leveraging pre-built reports and templates

Key features

  • Ingests vast amounts of data from on-prem and cloud sources
  • Applies built-in analytics to accurately detect threats
  • Correlates related activities to prioritize incidents
  • Automatically parses and normalizes logs
  • Consumes threat intelligence, with support for STIX/TAXII
  • Integrates out of the box with 450 solutions
  • Flexible architecture that can be deployed on-prem or in the cloud
  • Highly scalable, self-tuning and self-managing database

Objective

As a Security Intelligence and Operations platform, QRadar offers a comprehensive product portfolio. This workshop focuses on two items within the IBM® QRadar® Security Information and Event Management (SIEM) product from a developer's perspective:

  • how to create a custom DSM (Device Support Module, the component that parses and normalizes a log source's events)
  • how to create a custom application

Tools Used

  • QRadar
  • QRadar App Editor
  • Python

Requirements

  • Access to QRadar system
  • IBM ID to access IBM X-Force Exchange / App Exchange

Workshop Flow

QRadar is a complex platform. As a developer, you learn how to:

  • create a custom DSM
  • create a custom application

QRadar Lab1 - Create a new DSM

In this first lab, you walk through the steps to build a new DSM in the QRadar console. Follow the instructions in the Readme of QRadar Lab1 - Create a new DSM.
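The lab itself builds the DSM in the console; as an added illustration that is not part of the workshop or of QRadar's own code, the Python sketch below shows the job a custom DSM performs once it exists: regex extraction of the standard event properties (vendor event ID, source and destination IP and port, user name) from a raw log line, validation of the extracted values, and mapping of the vendor event ID to a QRadar event name and low-level category. The "acmefw" log format, the sample lines and the EVENT_MAP table are constructed for this example and do not describe a real product; in QRadar the equivalent regex patterns live in a log source extension (XML) produced through the DSM Editor, and the event-ID mapping lives in the QID map.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample events from a hypothetical "acmefw" appliance (not a real
# product); the key=value layout is the kind of format a custom DSM must parse.
SAMPLE_LOGS = [
    '<134>Mar 10 12:00:01 acmefw01 acmefw: id=1001 action=deny proto=tcp '
    'src=10.1.2.3 spt=51514 dst=203.0.113.7 dpt=445 user=jdoe msg="policy block"',
    '<134>Mar 10 12:00:02 acmefw01 acmefw: id=2001 action=login src=10.1.2.9 '
    'user=admin result=failure',
    '<134>Mar 10 12:00:03 acmefw01 acmefw: heartbeat ok',
]

# One regex per normalized property, group 1 capturing the value. These play
# the role of the pattern/matcher pairs declared in a log source extension.
PATTERNS: Dict[str, "re.Pattern[str]"] = {
    "EventID": re.compile(r"\bid=(\d+)\b"),
    "SourceIp": re.compile(r"\bsrc=([0-9A-Fa-f.:]+)"),
    "SourcePort": re.compile(r"\bspt=(\d+)\b"),
    "DestinationIp": re.compile(r"\bdst=([0-9A-Fa-f.:]+)"),
    "DestinationPort": re.compile(r"\bdpt=(\d+)\b"),
    "UserName": re.compile(r"\buser=(\S+)"),
    "Result": re.compile(r"\bresult=(\w+)"),
}

# Hypothetical mapping table: (vendor event id, result) -> (event name,
# low-level category). In QRadar this is the DSM's QID mapping.
EVENT_MAP = {
    ("1001", None): ("Firewall Deny", "Firewall Deny"),
    ("2001", "success"): ("User Login Success", "User Login Success"),
    ("2001", "failure"): ("User Login Failure", "User Login Failure"),
}


@dataclass
class NormalizedEvent:
    event_name: str
    category: str
    source_ip: Optional[str] = None
    source_port: Optional[int] = None
    destination_ip: Optional[str] = None
    destination_port: Optional[int] = None
    user_name: Optional[str] = None
    raw: str = ""


def _extract(line: str) -> Dict[str, str]:
    """Run every property pattern over the line; keep group 1 of each match."""
    return {name: m.group(1) for name, rx in PATTERNS.items() if (m := rx.search(line))}


def _valid_ip(value: Optional[str]) -> Optional[str]:
    """Return the address only if it parses; a garbage value must not become a
    'normalized' IP that rules, offenses and searches would then trust."""
    if value is None:
        return None
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        return None


def _port(value: Optional[str]) -> Optional[int]:
    """Accept only a valid TCP/UDP port number."""
    if value is None or not 0 <= int(value) <= 65535:
        return None
    return int(value)


def parse_event(line: str) -> NormalizedEvent:
    """Normalize one raw line into QRadar-style event properties."""
    fields = _extract(line)
    event_id = fields.get("EventID")
    result = fields.get("Result")
    mapping = EVENT_MAP.get((event_id, result)) or EVENT_MAP.get((event_id, None))
    if mapping is None:
        # No mapping: keep the payload but flag it, mirroring how QRadar files
        # events it cannot parse (event name "Unknown", category "Stored").
        return NormalizedEvent("Unknown", "Stored", raw=line)
    name, category = mapping
    return NormalizedEvent(
        event_name=name,
        category=category,
        source_ip=_valid_ip(fields.get("SourceIp")),
        source_port=_port(fields.get("SourcePort")),
        destination_ip=_valid_ip(fields.get("DestinationIp")),
        destination_port=_port(fields.get("DestinationPort")),
        user_name=fields.get("UserName"),
        raw=line,
    )


def parse_batch(lines: List[str]) -> List[NormalizedEvent]:
    return [parse_event(line) for line in lines]


def unknown_ratio(events: List[NormalizedEvent]) -> float:
    """Share of events that fell through to Unknown/Stored; a rising ratio is
    the usual sign that the vendor changed its log format and the DSM needs work."""
    if not events:
        return 0.0
    return sum(e.event_name == "Unknown" for e in events) / len(events)


if __name__ == "__main__":
    events = parse_batch(SAMPLE_LOGS)
    for ev in events:
        print(ev)
    print("unknown ratio:", unknown_ratio(events))
```

The heartbeat line deliberately has no mapping, so it lands in Unknown/Stored rather than being dropped; tracking that ratio per log source is the practical check that a newly built DSM still matches what the device actually sends.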

QRadar Lab2 - Create a new QRadar App

This lab walks you through the steps to build, modify and delete an application in the QRadar console. Follow the instructions in the Readme of QRadar Lab2 - Create a new QRadar App.

Related Links