How do I integrate with IBM Qradar?

The app is populating the reference sets in QRadar with the network assets IP's from Holm Security. The IP's have different severities, therefore different names of sets are labeled accordingly. By entering the API token and base URL. New set will be created in reference set management by the following names:

  • Holm_info_ip_assets 

  • Holm_low_ip_assets  
  • Holm_medium_ip_assets  
  • Holm_high_ip_assets  
  • Holm_critical_ip_assets  

Prerequisites

This guide assumes that QRadar app is installed and running. In order to access our app, you will also need to download QRadar app editor and QRadar Pulse: https://exchange.xforce.ibmcloud.com/hub/extension/5d0f3f37cc5c4d16ccafe9d40d8dffe5 for more information.Installation

  1. Click Admin > Apps > QRadar app editor.
  2. Click Existing app.
  3. Upload our app from Github (by cloning or by uploading the zipped file) found here: https://github.com/holmsecurity/api-examples/tree/master/integrations/Qradar
  4. Click Install and wait a couple of minutes.
  5. Refresh the main dashboard page and then click Holm Security development.
  6. Click Action > Deploy > Live mode.
  7. Click Holm Security from the bar and start using the app.
  8. Upload JSON file  Holm Security_v0.62.json  in to the QRadar Pulse app
  9. Done!

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.