Installing content extensions to use in QRadar Cloud Visibility

Before you can visualize your offense data in IBM® QRadar® Cloud Visibility, you must download and install the content extensions for the cloud services that you want to monitor. You can monitor offenses from Amazon AWS, Microsoft Azure, and IBM Cloud services.

Procedure

  1. Log in to IBM Security App Exchange (https://exchange.xforce.ibmcloud.com/hub).
  2. Search for and download the following content extensions:
    • IBM Security QRadar Custom Properties for Amazon AWS
    • IBM Security QRadar Custom Properties for Microsoft Azure
    • IBM Security QRadar Content Extension for IBM Cloud
    • IBM Security QRadar Content Extension for Hybrid Cloud Use Cases
  3. On the Console, click the Admin tab, then click Extensions Management in the System Configuration section.
  4. To upload an extension, click Add and select the extension that you want to upload.
    Note: The extension (.zip) must be downloaded to your local computer before it can be uploaded to the Console.
  5. To install the extension immediately, select the Install immediately check box and then click Add. A preview of the content is displayed before the extension is installed, and the content items are compared to content items that are already in the deployment. If the content items exist, you can choose to overwrite them or to keep the existing data. If you choose to keep the existing data, no updated content extension items are installed.
  6. Select Overwrite to add the new data to QRadar.
  7. After the extensions are added to QRadar, you can enable the rules by clicking Offenses > Rules.
  8. Select a group from the Group list, and enable the following rules for each content extension:
    • For AWS, select the Amazon AWS group. Select all rules that you want to monitor, then click Actions > Enable.
    • For Microsoft Azure, select the Azure group. Select all rules that you want to monitor, then click Actions > Enable.
    • For IBM Cloud, select the IBM Cloud group. Select all rules that you want to monitor, then click Actions > Enable.

What to do next

Installing QRadar Cloud Visibility