BigFix integration with QRadar (SIEM)

Hi,

Looking for IBM integration with QRadar (SIEM). I would appreciate it if you could assist me with this, please. I don't have the Security & Compliance module enabled in our environment.

We have a licence for Lifecycle Management and BFI.

Thanks,
Shaban

Hi @Shahban,

You will need to be licensed for BigFix Compliance to be able to take full advantage of the integrations between QRadar and BigFix and you will also need QRadar Vulnerability Manager and Risk Manager. Below are the integrations that exist between QRadar and BigFix:

  1. QRadar can collect BigFix Server log events (logins and logoffs, patch activity, etc.).
    https://youtu.be/ZEO6Ll5QlAc

  2. BigFix provides Fixlet information to QRadar and QRadar can then correlate the endpoint status with other security/network events/activities to identify suspicious behavior.
    https://youtu.be/1YUrzywMFgQ
    https://youtu.be/zLKQ6CbDTKU
    https://www.youtube.com/watch?v=B30jZKvbrnc

  3. There is the BigFix App for QRadar, which allows Security to have better visibility into the hygiene of the endpoints.
    https://www.youtube.com/watch?v=TxANvKJ8hzc

Here is a great document that has all the information you need for setting up the integrations:
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/BigFix%20and%20QRadar%20Integration?section=incorporating

And here is a link for downloading the BigFix App:
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/BigFix%20App%20for%20QRadar

Hi @Mhayden

Thanks for your response.

Please assist me: is SCA required for QRadar integration, and can the basic functionality not be used, given that we have a Lifecycle licence for BigFix?

Thanks,
Shaban