ISECO
Toolset

Ticketing extends the capabilities of the native incident investigation workflow in QRadar by using a third-party ticketing tool. It allows manual or automatic ticket creation, bidirectional synchronisation of status, notes and information about closure between QRadar offense and external ticket. Configurable rules enable the information needed to create a ticket to be filled in advance thanks to predefined rules.

Features

• Creating of various templates for ticket creation
• Manual ticket creation right from the IBM QRadar offense user interface by choosing a template and creating a ticket
• Option to define rules for template selection and/or pre-fill data for external ticket
• Usage of conditions in rules based on the rule name, IP address, user name, and more
• Modular architecture to support various external ticketing tools
• Bidirectional integration of notes between offense and an external
• Automatic offense closure after ticket closure (and vice versa)

LogBook helps to keep track of user and administrator activity within the IBM QRadar interface by matching native audit records with user friendly records in the operation logbook.

Features

• Automatic search of native audit messages in IBM QRadar connected to user activity
• Creating of an entry in the operation logbook and pairing with IBM QRadar native audit records
• Approval workflow for storing logbook entries
• Unalterable entries in the operation logbook

Reporting improves the availability of IBM QRadar reports for external users and adds other missing functions – e.g. distribution of non-empty reports, possibility to parameterise queries and add external information to reports.

Features

• Distribution of generated native IBM QRadar reports to remote storages
• Possibility of distributing non-empty reports only
• Emailing of aggregated email notifications (summary of available reports)
• Configuration of report distribution / sending of email notifications using native user roles / IBM QRadar security profiles
• Creating parameterised AQL reports
• Creating advanced AQL reports exported to MS Excel format

Backup application extends the IBM QRadar default backup module and adds the possibility of distributing backups to external storage, introduces unified supervision of the backup process and the ability to create custom backups beyond standard backups.

Features

• Distribution of IBM QRadar native backups to remote storage (SMB, NFS, SFTP)
• Creating of a custom archive from any folder in IBM QRadar
• Maintaining archive retention on remote storage
• Advanced backup scheduling options
• Support of multiple sources and backup destinations
• Monitoring of all operations with IBM QRadar native tools (loggings, rules)
• Support of distributed and high accessibility deployments (HA)
• IBM QRadar SDK native application (QRadar in version 7.3.2 and higher)

Log Enhancer enriches the incoming messages with external information.

Features

• Possibility to add missing information to the message (e.g. DNS name to a message where only IP address is stated, translation of an employer’s number to user name)
• Using enriched information in the standard way - in custom entries or correlation rules
• Availability of 2 enrichment modes - direct (only the enriched message is saved in IBM QRadar) and redirected (original and enriched messages are saved in the IBM QRadar)

Based on our experience getting data from different log sources into IBM QRadar, we can offer our own agents for integrating unsupported or hard-to-integrate log sources.

IBM iSeries (AS 400)

Agent for IBM iSeries (AJEMON – Audit Journal Entry Monitor) reads information from IBM iSeries internal audit journal, formats it, and sends it to IBM QRadar using syslog. The agent was specifically created for the IBM iSeries with a deep knowledge of IBM iSeries audit subsystem and is fully configurable including filtering options. Monitoring of events from the message queue is available as an extension.

MSSQL audit agent

Agent for MSSQL audit citation contains a specific set of configurable components to provide secure MSSQL audit citation without an impact on the monitoring system. Agent removes known deficiencies in the MSSQL audit system (locking files, stopping the service, etc.)

Custom agents

If you’re looking for a way to integrate a specific system or a non-standard log format, turn to us. Our team has years of experience with integrations for IBM QRadar and we’re ready to help.