IBM Security Randori Recon

The IBM® QRadar® DSM for IBM Security Randori Recon collects alerts from Randori Recon.

To integrate Randori Recon with QRadar, complete the following steps:
  1. If automatic updates are not enabled, download the most recent versions of the RPMs from the IBM support website (https://www.ibm.com/support).
    • PROTOCOL IBMSecurityRandoriRESTAPI RPM
    • DSM IBMSecurityRandoriRESTAPI DSM RPM
  2. Add a Randori Recon log source that uses the IBM Security Randori REST API protocol on the QRadar Console. See IBM Security Randori REST API protocol log source parameters for IBM Security Randori Recon.
    Tip: Before you can configure a log source for Randori Recon in QRadar, you must obtain an API Key from the Randori web portal. You need to have a Randori account to access the portal. For more information about obtaining this value, see How to Add an API token (https://www.ibm.com/docs/en/SSD5I5K/intapi_api_AddAPIToken.html).

    For more information about adding a log source in QRadar, see Adding a log source.