IBM QRadar Security Information and Event Management (SIEM) integration reference
BMC Helix Multi-Cloud Broker provides out-of-the-box mappings and application-level configurations so that you can create incidents in ITSM from IBM QRadar Security Information and Event Management (SIEM) to address security challenges. To establish integration with IBM QRadar SIEM, you configure the following connectors, flows, and connector targets. You must set up tenant-level configurations.
After you complete the integration, your users can use features such as the creation of incidents in ITSM when a QRadar offense is created. Each flow in the list of flows is essentially a feature that you can use. Depending on your use case, you might have to configure multiple flows. BMC Helix Multi-Cloud Broker logically chains the flows and connector processes to complete the feature.
List of connectors for integration with QRadar SIEM
You must configure the following connectors when setting up integration with QRadar SIEM. These connectors are integration points for the respective applications. For instance, to send the data from BMC Helix Multi-Cloud Broker to QRadar SIEM, you must configure a flow from the Multi-Cloud connector to the IBM QRadar connector.
List of flows for integration with QRadar SIEM
When enabling the integration with QRadar SIEM, configure the flows that enable the functionality. For example, to create an incident in ITSM from QRadar SIEM, you must configure the Create Incident from IBM QRadar Offense flow.
List of connector targets for integration with QRadar SIEM
When a ticket is brokered from any vendor to ITSM, the ticket data first arrives in BMC Helix Multi-Cloud Broker before being sent to ITSM. To send the data from BMC Helix Multi-Cloud Broker to ITSM, you must configure the MCSM ITSM connector target and set it in the Connector Process ITSM.