IBM Security QRadar EDR

Enrich SIEM logs with high-fidelity endpoint alerts by using the IBM® Security QRadar® EDR DSM.

IBM Security QRadar EDR was formerly known as IBM Security ReaQta. The DSM RPM name remains IBM Security ReaQta.

Integrating IBM Security QRadar EDR with QRadar SIEM

Tip: You can integrate IBM Security QRadar EDR with QRadar SIEM with no impact on your EPS count. Contact your IBM sales representative or IBM Business Partner for details.
To integrate QRadar EDR with QRadar, complete the following steps:
  1. If automatic updates are not enabled, download the most recent versions of the RPMs from the IBM support website (https://www.ibm.com/support).
    • PROTOCOL IBMSecurityReaQtaRESTAPI RPM
    • DSM - IBMSecurityReaQta DSM RPM
  2. Configure your QRadar EDR platform to send alerts to QRadar. See Configuring IBM Security QRadar EDR to communicate with QRadar.
  3. Add a QRadar EDR log source that uses the IBM Security QRadar EDR protocol on the QRadar Console. See IBM Security QRadar EDR REST API data source parameters for QRadar EDR.

    For more information about adding a log source, see Adding a log source.

  4. Configure QRadar to collect only the first username from the QRadar EDR alert for the username parameter value. See Configuring QRadar to collect only the first username from the alert.

Adding your additional EPS

When you have entitlements to both IBM QRadar and IBM Security QRadar EDR, you are entitled to an extra 100 EPS to use in QRadar. To add this additional EPS in QRadar, follow these steps:
  1. Contact your local sales representative and provide them with your sales order numbers to obtain the license key.
  2. Upload the license key in QRadar.
  3. Allocate the license key to a host.
  4. Deploy the changes.