IBM Security ReaQta

Enrich SIEM logs with high-fidelity endpoint alerts by using the IBM® Security ReaQta DSM.

Integrating IBM Security ReaQta with QRadar SIEM

Tip: You can integrate IBM Security ReaQta with QRadar® SIEM with no impact to your EPS count. Contact your IBM sales representative or IBM Business Partner for details.
To integrate ReaQta with QRadar, complete the following steps:
  1. If automatic updates are not enabled, download the most recent versions of the RPMs from the IBM support website (https://www.ibm.com/support).
    • PROTOCOL IBMSecurityReaQtaRESTAPI RPM
    • DSM - IBMSecurityReaQta DSM RPM
  2. Configure your ReaQta platform to send alerts to QRadar. See Configuring IBM Security ReaQta to communicate with QRadar.
  3. Add a ReaQta log source that uses the IBM Security ReaQta protocol on the QRadar Console. See IBM Security ReaQta REST API data source parameters for ReaQta.

    For more information about adding a log source, see Adding a log source.

  4. Configure QRadar to collect only the first username from the ReaQta alert for the username parameter value. See Configuring QRadar to collect only the first username from the alert.

Adding your additional EPS

When you have entitlements to both IBM QRadar and IBM Security ReaQta, you are entitled to an extra 100 EPS to use in QRadar. To add this additional EPS in QRadar, follow these steps:
  1. Contact your local sales representative and provide them with your sales order numbers to obtain the license key.
  2. Upload the license key in QRadar.
  3. Allocate the license key to a host.
  4. Deploy the changes.