IBM Security QRadar EDR

The data source type for IBM® Security QRadar® EDR collects alerts that are forwarded from QRadar EDR.
To integrate QRadar EDR with the QRadar platform, complete the following steps:
  1. Configure your QRadar EDR platform to send alerts to the QRadar platform. For more information, see Configuring QRadar EDR to communicate with QRadar Log Insights.
  2. Add a QRadar EDR data source.

    When you configure the data source, use the Universal Cloud REST API connector type to pull alerts from your QRadar EDR platform.

    For more information about adding a data source, see Adding ingestion data sources.

  3. Optional: If you want to enable federated search for your QRadar EDR platform, configure a connection to the data source. For more information, see Connecting data sources for federated search and querying.

If you are an IBM QRadar user, see Terminology changes for QRadar customers.