QRadar Connector

You can use the IBM Security Directory Integrator QRadar Connector to integrate unsupported event sources with QRadar.

QRadar is a next-generation security information and event management solution. It uses event information that comes from various log sources through its Device Support Modules (DSMs). The information must be in a format that is known as Log Event Extended Format (LEEF). The current version of LEEF is 1.0.

The QRadar Connector accepts the following inputs:

The QRadar Connector is designed to simplify the integration of unsupported event sources with QRadar. You can create valid LEEF event information by mapping from input data fields to the attributes of the LEEF V1.0 schema. You can create an IBM Security Directory Integrator AssemblyLine with a connector that is configured to read or receive event data, followed by the QRadar Connector. The QRadar Connector produces the required LEEF output.
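
The field-to-attribute mapping described above, as an added stand-alone JavaScript example; it is not IBM Security Directory Integrator code and does not use the connector's API. The input field names, the mapping table, the header values and the sample record are assumptions constructed for illustration; the example also neutralizes delimiter characters in untrusted input so a field value cannot forge extra LEEF attributes.

```javascript
// Added example: stand-alone sketch, not the QRadar Connector's own code.
// LEEF 1.0 layout: LEEF:1.0|Vendor|Product|Version|EventID| followed by
// tab-separated key=value attributes.

// Hypothetical mapping from source field names to LEEF attribute keys.
const FIELD_MAP = {
  client_ip: "src",
  server_ip: "dst",
  user: "usrName",
  severity: "sev",
  message: "msg", // custom attribute key, assumed for this example
};

// Header fields are pipe-delimited, so pipes and control characters are replaced.
function cleanHeader(value) {
  return String(value).replace(/[|\t\r\n]/g, "_");
}

// Attributes are tab-delimited in LEEF 1.0: a raw tab or newline in untrusted
// input would otherwise start a forged attribute or a forged event line.
function cleanValue(value) {
  return String(value).replace(/[\t\r\n]+/g, " ").trim();
}

function toLeef(header, record, fieldMap = FIELD_MAP) {
  const head = "LEEF:1.0|" +
    [header.vendor, header.product, header.version, header.eventId].map(cleanHeader).join("|");
  const attrs = [];
  for (const [field, leefKey] of Object.entries(fieldMap)) {
    const value = record[field];
    if (value === undefined || value === null || value === "") continue; // no input data
    attrs.push(`${leefKey}=${cleanValue(value)}`);
  }
  return `${head}|${attrs.join("\t")}`;
}

// Constructed sample input; the user field carries an attribute-injection attempt.
const SAMPLE = {
  client_ip: "192.0.2.10",
  server_ip: "198.51.100.7",
  user: "alice\tsev=1",
  severity: 8,
  message: "login failed\r\nretry blocked",
  session: "not-in-map", // unmapped fields are dropped
};
const HEADER = { vendor: "ExampleCorp", product: "Legacy|App", version: "2.3", eventId: "AUTH_FAIL" };

console.log(toLeef(HEADER, SAMPLE));
```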

Before QRadar can use events that are created in this way, these events must be mapped in QRadar to allow for appropriate categorization. For more information, see the QRadar documentation.