ISECO Toolset

The ISECO Toolset significantly improves the capabilities of security monitoring of the IBM QRadar SIEM platform and its operation.

Home Credit

It expands IBM QRadar SIEM/ISM native capabilities, simplifies its operation and/or allows advanced threat detection for your network or company. All this is available as a standalone product or as part of our ISECO Security Monitor solution.

ISECO has implemented and continues to provide services for IBM QRadar independently or as part of the ISECO Security Monitor solution for more than 39 clients in the Czech Republic and worldwide.

Realisations

Banks and Insurance companies

Utility & manufacturing

Other

Modules

01 Ticketing

Ticketing extends the capabilities of the native incident investigation workflow in QRadar by using a third-party ticketing tool. It allows manual or automatic ticket creation and bidirectional synchronisation of status, notes and closure information between a QRadar offense and the external ticket. Predefined, configurable rules allow the information needed to create a ticket to be filled in ahead of time.

Features
  • Creating various templates for ticket creation
  • Manual ticket creation right from the IBM QRadar offense user interface by choosing a template and creating a ticket
  • Option to define rules for template selection and/or pre-fill data for external ticket
  • Usage of conditions in rules based on the rule name, IP address, user name, and more
  • Modular architecture to support various external ticketing tools
  • Bidirectional integration of notes between offense and an external
  • Automatic offense closure after ticket closure (and vice versa)

02 LogBook

LogBook helps to keep track of user and administrator activity within the IBM QRadar interface by matching native audit records with user-friendly records in the operation logbook.

Features
  • Automatic search of native audit messages in IBM QRadar connected to user activity
  • Creating an entry in the operation logbook and pairing it with IBM QRadar native audit records
  • Approval workflow for storing logbook entries
  • Unalterable entries in the operation logbook

03 Reporting

Reporting improves the availability of IBM QRadar reports for external users and adds other missing functions, e.g. distribution of non-empty reports only, the option to parameterise queries and the option to add external information to reports.

Features
  • Distribution of generated native IBM QRadar reports to remote storage
  • Possibility of distributing non-empty reports only
  • Emailing of aggregated email notifications (summary of available reports)
  • Configuration of report distribution / sending of email notifications using native user roles / IBM QRadar security profiles
  • Creating parameterised AQL reports
  • Creating advanced AQL reports exported to MS Excel format

04 Backup

The Backup application extends the IBM QRadar default backup module: it adds the possibility of distributing backups to external storage, introduces unified supervision of the backup process and makes it possible to create custom backups beyond the standard ones.

Features
  • Distribution of IBM QRadar native backups to remote storage (SMB, NFS, SFTP)
  • Creating a custom archive from any folder in IBM QRadar
  • Maintaining archive retention on remote storage
  • Advanced backup scheduling options
  • Support of multiple sources and backup destinations
  • Monitoring of all operations with IBM QRadar native tools (logging, rules)
  • Support of distributed and high availability (HA) deployments
  • IBM QRadar SDK native application (QRadar version 7.3.2 and higher)

05 Log Enhancer

Log Enhancer enriches the incoming messages with external information.

Features
  • Possibility to add missing information to the message (e.g. DNS name to a message where only IP address is stated, translation of an employer’s number to user name)
  • Using enriched information in the standard way - in custom entries or correlation rules
  • Availability of 2 enrichment modes: direct (only the enriched message is saved in IBM QRadar) and redirected (both the original and the enriched message are saved in IBM QRadar)

06 Custom agents

Based on our experience getting data from different log sources into IBM QRadar, we can offer our own agents for integrating unsupported or hard-to-integrate log sources.

IBM iSeries (AS 400)

The agent for IBM iSeries (AJEMON – Audit Journal Entry Monitor) reads information from the IBM iSeries internal audit journal, formats it, and sends it to IBM QRadar using syslog. The agent was created specifically for IBM iSeries with deep knowledge of the IBM iSeries audit subsystem and is fully configurable, including filtering options. Monitoring of events from the message queue is available as an extension.

MSSQL audit agent

The agent for MSSQL audit citation contains a specific set of configurable components to provide secure MSSQL audit citation without an impact on the monitoring system. The agent removes known deficiencies in the MSSQL audit system (locking files, stopping the service, etc.).

Custom agents

If you’re looking for a way to integrate a specific system or a non-standard log format, turn to us. Our team has years of experience with integrations for IBM QRadar and we’re ready to help.

Price list

| # | Module | Lifetime license | Annual subscription |
|---|---|---|---|
| 01 | Ticketing | 2 900 EUR | 1 200 EUR |
| 02 | LogBook | 2 400 EUR | 1 000 EUR |
| 03 | Reporting | 2 400 EUR | 1 000 EUR |
| 04 | Backup | 2 400 EUR | 1 000 EUR |
| 05 | Incident Report | 1 900 EUR | 800 EUR |
| 06 | Log Enhancer | 1 900 EUR | 800 EUR |
| 07 | Custom Agents | On Demand | On Demand |

The first year of maintenance is included in the license price. The second and following years cost 25 % of the license price.

License types

  • Lifetime license and annual maintenance
  • Annual subscription (maintenance included)

Support

  • Regular updates and application upgrades
  • Technical support in case of application problems with 8×5 CET availability and NBD response

Consultation

Would you like to know how the ISECO Toolset can help your company? Our team will be happy to assist you.

We will get in touch within 24 hours.

© 2022 ISECO.CZ