-
Security Announcements
-
Product News
-
Next-Gen Vulnerability Management
-
Getting Started
-
General
-
Operating Status
-
System & Network Scanning
-
Web Application Scanning
-
Cloud Scanning (CSPM)
-
API Scanning
-
Phishing & Awareness Training
-
Scanner Appliance
-
Device Agent
-
On-premise platform deployment
-
Asset Management
-
Vulnerability Manager
-
Reports
-
Digest Reports
-
Organizer
-
Continuous Monitoring
-
Integrations
-
Platform API
-
Remediation
-
Users
-
PCI DSS
-
Terms & Conditions
-
Dashboard
How do I integrate with IBM QRadar?
With our IBM QRadar SIEM integration, you are able to receive asset information from Holm Security VMP directly into IBM QRadar. This data can subsequently be processed by QRadar via an AXIS scan. This integration runs via a script that makes the correct requests to the Holm Security REST API for you. It's recommended to set up a Cron job that executes the script regularly.
Prerequisites
API access needs to be enabled, and an API token must be created in Holm Security. The token and base URL are used for establishing the integration. Make sure that the net-assets endpoint is allowed for reading while creating the token.
Read more on how to set up an API token here:
https://support.holmsecurity.com/knowledge/how-do-i-set-up-an-api-token
Setup
You can find the scripts and readme here (external link):
https://github.com/holmsecurity/api-examples/tree/master/integrations/Qradar