Universal Data Insights connectors
Edge Gateway
To use the IBM® Security Edge Gateway to host the containers that are required for communication between the data sources and IBM Security QRadar Suite Software, you must install the Edge Gateway software in your own environment. For more information, see Edge Gateway.
Data sources
You can connect data sources to QRadar Suite Software by using connectors. Use a connector to configure each data source connection.
STIX Bundle
Structured Threat Information eXpression (STIX) is a language and serialization format that organizations can use to exchange cyberthreat intelligence. A STIX Bundle can be used in place of a data source connector to share cyberthreat intelligence by using STIX Objects. With the STIX Bundle as a data source you can search for any attack pattern, campaign, course of action, identity, indicator, intrusion set, malware, report, threat actor, tool, and vulnerability.
Configuring a data source connection
To see the Data Sources page and configure data source connections, you must have the Data Sources Admin role.
A data source connection is a record that represents a physical box that holds information on how to connect to the source and to access its data. Different users can use the data source connection; the configuration includes setting up credentials. You can configure multiple connections to a data source.
It is important to connect to a data source during the initial setup of QRadar Suite Software. Then, when you start to use an application or a dashboard, QRadar Suite Software has a source from which to retrieve the data to be displayed.
For example, to run a query with Data Explorer, you must have data sources that are connected. Then, the application can run queries and retrieve results across a unified set of data sources. The search results vary depending on your configured data sources.
Procedure overview
To connect a data source to QRadar Suite Software:
- Define the general details about the connection to allow QRadar Suite Software to connect to the data source.
- Set the parameters to control the behavior of the search query on the data source.
- Optionally, from QRadar and QRadar on Cloud, set up the data source connection to regularly import asset data into QRadar Suite Software.
- Supply the unique identifier of the data source that you want to establish connection with. It is required to authenticate the connection request.
- As a security measure, define who can access the data source.
STIX attributes
For more information about the STIX attributes for each of the available connectors, see STIX objects and properties.