QRadar Suite Software services

Shared platform services provide ready-for-use functions. Services do not require installation or maintenance, and can be combined to create or extend the capabilities of applications.

The IBM Security QRadar Suite Software offering includes the following services.

Universal Data Insights

Use the Universal Data Insights component to enable applications to provide the following functions:

  • Query and combine security data from any data source, either in the cloud or on premises, by using a query language and syntax that complies with either STIX 2 or AQL standards.
  • Access data and insights across all data lakes and ponds by using a simple STIX 2 or AQL API.
  • Use external tools to hunt for security threats.

For more information about connectors in the QRadar Suite Software UI console, including examples, see Connecting a data source.

For more information about the STIX API, see the overview topic in the Open Cybersecurity Alliance (OCA) documentation for the STIX-shifter project.

Connected Assets and Risk

The Connected Assets and Risk service collects information about assets, users, and their risk profile. The service is used to share asset and risk information across the QRadar Suite Software platform.

The Connected Assets and Risk service can store any asset-related information, such as details about an asset, hostname, user, IP address, or application. Each asset is represented as an entity that shows how the asset is related to other assets and the risk that is associated with them. The service uses the Connected Assets and Risk API to push the data to the QRadar Suite Software graph database.

By linking all tenant asset and user information in a common database, the insights can be shared and used with other applications to provide a better understanding of the environment and the overall risk posture. For example, you can run queries against the Connected Assets and Risk data in IBM® Security Data Explorer. The data is also used by IBM Security Threat Investigator during a case investigation to show the assets that might be affected by a potential threat.

For more information, see Connected Assets and Risk connectors.

QRadar Proxy

IBM QRadar Proxy provides communication between IBM Security QRadar Suite Software and IBM QRadar or QRadar on Cloud. This communication uses APIs to pull powerful QRadar data into the QRadar SIEM dashboards. Administrators use QRadar Proxy to enter connection settings that enable communication between QRadar Suite Software and QRadar. Then, both administrative and non-administrative users can enter their own authentication token so that they can access QRadar content in their QRadar SIEM dashboard widgets.

For more information, see IBM QRadar Proxy.

Risk Manager

IBM Security Risk Manager automatically collects, correlates, and contextualizes risk insights across the IT and security ecosystem of your organization. These risk insights are presented in a business-consumable dashboard to prioritize and remediate security risks. Risk Manager provides the following key features:

  • Unified view of disparate security risk metrics from multiple vectors, such as data, identity, and infrastructure, which helps with risk prioritization.
  • Standard risk-scoring framework for consistent and common risk definition that is easily understood by all stakeholders.
  • Risk remediation management by using workflow management systems.

The basic features of Risk Manager are freely available to all QRadar Suite Software users. The Risk Manager Advanced application provides differentiated capabilities for licensed users, such as recommendations to implement remedial actions, risk trend to view and track risk progression over time, and custom risk configuration to compute the risk score.

For more information, see Risk Manager.