Glossary
This glossary provides terms and definitions for IBM Security QRadar Suite software and products.
The following cross-references are used in this glossary:
- See refers you from a nonpreferred term to the preferred term or from an abbreviation to the spelled-out form.
- See also refers you to a related or contrasting term.
A
- activity
- The function that a rule executes when the appropriate conditions are satisfied.
- air-gapped environment
- A network environment that is isolated from the internet and from other untrusted networks. Software, updates, and data must be brought into the environment by means other than a network connection.
- artifact
- An entity that is used or produced by a software or systems development process. Examples of artifacts include designs, requirements, source files, plans, scripts, simulations, models, test plans, and binary executable files. In an HTTP context, artifacts have a URI and are called resources.
- automatic rule
- A rule that executes without user involvement when its conditions are satisfied.
C
- CA
- See certificate authority.
- CEP
- See complex event processing.
- certificate authority (CA)
- A trusted entity that issues digital certificates, each binding a public key to an identity, and signs them with its own private key. In the product, the CA issues a certificate to each computer on which components are installed. See also certificate signing request.
- certificate signing request (CSR)
- An electronic message that an organization sends to a certificate authority (CA) to obtain a certificate. The request contains the requester's public key and identifying information, such as a host name, and is signed with the private key that matches that public key, which proves that the requester holds the key. After verifying the request, the CA returns a certificate signed with its own private key. See also certificate authority.
- classification policy
- A set of rules that is designed to discover and identify sensitive data elements.
- Common Vulnerabilities and Exposures (CVE)
- A catalog of publicly disclosed vulnerabilities in software and hardware, each with a unique CVE identifier, maintained by MITRE. The National Vulnerability Database (NVD), maintained by the US National Institute of Standards and Technology (NIST), is built on the CVE list and adds severity scores and other analysis to each entry.
- complex event processing (CEP)
- The processing of events that have rules that rely on the data and timing of more than one event.
- connector
- The means by which a data source is connected to a product or service.
- CRD
- See custom resource definition.
- CSR
- See certificate signing request.
- CTI
- See cyber threat intelligence.
- custom action
- A security orchestration, automation, and response (SOAR) object that can populate a custom field or data table in the SOAR platform.
- custom resource
- An instance of a custom resource definition. See also custom resource definition.
- custom resource definition (CRD)
- A Kubernetes API object, usually written as a YAML manifest, that extends the Kubernetes API with a new resource type and the schema that its objects must follow. After a CRD is installed in a cluster, its custom resources can be created, listed, and managed with the standard tools, such as kubectl, like any native Kubernetes object. See also custom resource.
- CVE
- See Common Vulnerabilities and Exposures.
- cyber threat intelligence (CTI)
- Information about a cyber threat that has been collected, evaluated in its context, and analyzed by experts to detect deception and to help the customer understand the threat.
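The certificate authority and certificate signing request entries describe one exchange: the requester signs a CSR with its private key, the CA checks that signature and issues a certificate signed with the CA key, and a relying party then verifies the certificate against the CA. The following added example walks through that exchange in Python using the third-party `cryptography` package; it is not QRadar Suite code, and the host name and CA name are made up for illustration.

```python
"""CSR round trip: requester -> CA -> certificate -> verification.

Added example (not product code). Requires the third-party `cryptography`
package. The host and CA names below are made up.
"""
from datetime import datetime, timedelta, timezone

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def make_csr(host: str, key: ec.EllipticCurvePrivateKey) -> x509.CertificateSigningRequest:
    """Requester side: the CSR carries the public key and identity and is
    signed with the matching private key (proof of possession)."""
    return (
        x509.CertificateSigningRequestBuilder()
        .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, host)]))
        .add_extension(x509.SubjectAlternativeName([x509.DNSName(host)]), critical=False)
        .sign(key, hashes.SHA256())
    )


def csr_pem(csr: x509.CertificateSigningRequest) -> bytes:
    """The 'electronic message' actually sent to the CA."""
    return csr.public_bytes(serialization.Encoding.PEM)


def make_ca(name: str):
    """A self-signed CA certificate: the root of trust for this example."""
    key = ec.generate_private_key(ec.SECP256R1())
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, name)])
    now = datetime.now(timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(subject).issuer_name(subject).public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now).not_valid_after(now + timedelta(days=3650))
        .add_extension(x509.BasicConstraints(ca=True, path_length=0), critical=True)
        .sign(key, hashes.SHA256())
    )
    return key, cert


def issue(csr, ca_key, ca_cert, days: int = 365) -> x509.Certificate:
    """CA side: reject a CSR whose signature does not verify against the
    public key it carries, then sign a certificate with the CA private key."""
    if not csr.is_signature_valid:
        raise ValueError("CSR signature does not verify against its embedded public key")
    san = csr.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
    now = datetime.now(timezone.utc)
    return (
        x509.CertificateBuilder()
        .subject_name(csr.subject).issuer_name(ca_cert.subject).public_key(csr.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now).not_valid_after(now + timedelta(days=days))
        .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
        .add_extension(san, critical=False)
        .sign(ca_key, hashes.SHA256())
    )


def chains_to(cert: x509.Certificate, ca_cert: x509.Certificate) -> bool:
    """Relying party: the certificate's signature must verify with the CA's
    public key, and its issuer must be the CA's subject."""
    try:
        ca_cert.public_key().verify(
            cert.signature, cert.tbs_certificate_bytes,
            ec.ECDSA(cert.signature_hash_algorithm),
        )
    except InvalidSignature:
        return False
    return cert.issuer == ca_cert.subject


def demo() -> dict:
    host_key = ec.generate_private_key(ec.SECP256R1())
    csr = make_csr("console.qradar.example.internal", host_key)   # made-up host
    ca_key, ca_cert = make_ca("example-internal-ca")               # made-up CA
    cert = issue(csr, ca_key, ca_cert)
    _, other_ca = make_ca("unrelated-ca")
    return {
        "csr_pem": csr_pem(csr),
        "csr_valid": csr.is_signature_valid,
        "trusted_by_issuer": chains_to(cert, ca_cert),
        "trusted_by_other_ca": chains_to(cert, other_ca),
    }
```

The CA never sees the requester's private key: the CSR's self-signature is the only evidence of possession, which is why `issue` checks it before signing anything. A certificate issued by one CA does not verify against another CA's public key, which is the check a component performs when it decides whether to trust a peer.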
D
- data stream
- A set of processes that convert extracted data into a normalized data set.
E
- endpoint
- The system that is the origin or destination of a session.
I
- identity provider
- A provider that offers user authentication as a service. Authentication of a user's sign-in details is performed by the identity provider, which creates, manages, and maintains the user's identity information. Identity providers enable users in an organization to use single sign-on (SSO) across one or more systems.
- indicator of compromise (IoC)
- Digital evidence from a security incident that can be used to provide information about an intrusion or issue.
- information asset
- A piece of information that is of value to the organization and can have relationships, dependencies, or both, with other information assets.
- IoC
- See indicator of compromise.
M
- message destination
- The component where process messages are sent for processing by a program or script.
O
- ordered activity
- An activity that runs when the rule conditions are satisfied. When a rule has several activities, they are invoked in the order that was specified when the rule was configured. See also activity.
P
- persistent volume claim (PVC)
- A request by a workload for storage from the cluster. Kubernetes binds the claim to a persistent volume that satisfies the requested size and access mode.
- phase
- A distinct part of a process in which related operations are performed.
- pod
- The smallest deployable unit in Kubernetes: a group of one or more containers that run together on a node and share network and storage resources. A pod is a runnable unit of work, which can be either a stand-alone application or a microservice.
- PVC
- See persistent volume claim.
R
- risk area
- A logical group of threats of a similar nature. Risk areas are plotted based on the probability of a threat happening versus its impact to the business.
- risk profile
- The user-configured information about a risk that sets threshold values for factors of various risk vectors to evaluate risk from multiple source products at the asset level.
- risk score
- A measure of how much risk an asset poses to a site, based on how critical the asset is and the amount and severity of attacks that are made against the asset.
S
- secret
- A type of sensitive information, such as a password or an API key, that is used by an application to access a protected resource.
- security information and event management (SIEM)
- A service that consolidates security alerts, events, and data from thousands of devices, endpoints, and applications distributed through a network. It correlates the raw data to identify security offenses, detect anomalies, uncover threats, and filter out false positives.
- SIEM
- See security information and event management.
- SOAR playbook
- The set of tools, conditions, business logic, flows, and tasks that are used to respond to security events and threats in a security orchestration, automation, and response (SOAR) environment.
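The complex event processing and security information and event management entries both come down to the same mechanism: events from several sources are normalized, and rules that depend on the data and timing of more than one event decide when to raise an offense. The following added example, written for this glossary and not taken from QRadar, shows a small correlation engine of that kind over constructed events from two sources, plus a single-event rule that matches an indicator of compromise. The window, threshold, event fields and IP addresses are all assumptions made for the example.

```python
"""Minimal SIEM-style correlation: a timing rule across events from two
sources (CEP) and a single-event IoC match.

Added example, not QRadar code. All events, thresholds and indicators are
constructed for illustration.
"""
from collections import defaultdict, deque
from dataclasses import dataclass

WINDOW = 60       # seconds; failures must fall inside this window (assumed)
THRESHOLD = 3     # failures before a following success raises an offense (assumed)
BAD_IPS = {"203.0.113.9"}   # constructed indicator-of-compromise list


@dataclass
class Event:
    ts: int        # epoch seconds, already normalized from the source format
    source: str    # log source that produced it (sshd, vpn, ...)
    src_ip: str
    user: str
    outcome: str   # "fail" or "success"


# Constructed, normalized events from an SSH daemon and a VPN gateway.
EVENTS = [
    Event(1000, "sshd", "198.51.100.7", "alice", "fail"),
    Event(1010, "sshd", "198.51.100.7", "alice", "fail"),
    Event(1020, "vpn",  "198.51.100.7", "alice", "fail"),     # same actor, other source
    Event(1030, "sshd", "198.51.100.7", "alice", "success"),  # success after 3 failures
    Event(1040, "sshd", "192.0.2.5",    "bob",   "fail"),
    Event(1200, "sshd", "192.0.2.5",    "bob",   "success"),  # one stale failure: benign
    Event(1300, "vpn",  "203.0.113.9",  "carol", "success"),  # source IP is on the IoC list
]


def correlate(events, window=WINDOW, threshold=THRESHOLD, bad_ips=BAD_IPS):
    """Return offenses as (rule, src_ip, ts) tuples in time order."""
    failures = defaultdict(deque)   # src_ip -> timestamps of recent failures
    offenses = []
    for ev in sorted(events, key=lambda e: e.ts):
        # Single-event rule: the source address itself is an indicator.
        if ev.src_ip in bad_ips:
            offenses.append(("ioc-match", ev.src_ip, ev.ts))
        if ev.outcome == "fail":
            failures[ev.src_ip].append(ev.ts)
        elif ev.outcome == "success":
            recent = failures[ev.src_ip]
            # Multi-event rule: drop failures that fall outside the window,
            # then require at least `threshold` of them before this success.
            while recent and ev.ts - recent[0] > window:
                recent.popleft()
            if len(recent) >= threshold:
                offenses.append(("brute-force-success", ev.src_ip, ev.ts))
            recent.clear()   # a success ends the sequence either way
    return offenses


if __name__ == "__main__":
    for offense in correlate(EVENTS):
        print(offense)
```

The first rule is the CEP case: no single event is suspicious, but three failures from one address inside a minute followed by a success is. Because the engine keys on the normalized source address rather than on the log source, the failures seen by sshd and by the VPN gateway count together, which is the consolidation a SIEM provides. The second address shows the window filtering out a false positive: one failure followed by a success three minutes later is not reported.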
U
- Universally Unique Identifier (UUID)
- A 128-bit identifier, generated so that the probability of two independently generated values colliding is negligible, that is used to ensure that two components do not have the same identifier.
- UUID
- See Universally Unique Identifier.