QRadar data mapping
The IBM® QRadar connector incrementally synchronizes the contents of the QRadar® databases with the data that is managed by the Connected Assets and Risk service.
The following table shows the Connected Assets and Risk connector to QRadar data mapping.
| CAR vertex/edge | CAR field | QRadar field |
|---|---|---|
| asset | external_id | id |
| name | typename | |
| type | propertyvalue | |
| hostname | _key | hostname |
| ipaddress | _key | ipaddress |
| macaddress | interface | id |
| _key | macaddress | |
| port | protocol | variant |
| port_number | portnumber | |
| description | description | |
| external_id | id | |
| user | username | username |
| external_id | id | |
| vulnerability | external_reference | cveid |
| external_id | vulnid | |
| extref_value | xforceid | |
| name | osvdbtitle | |
| description | text | |
| published_on | exploitpublishdate | |
| extref_value | text | |
| extref_value | text | |
| base_score | base_score | |
| extref_value | cvsstemporalscore | |
| extref_value | pci_severity | |
| asset_hostname | from_external_id | id |
| _to | hostname | |
| external_id | id | |
| asset_ipaddress | from_external_id | id |
| _to | ipaddress | |
| external_id | id | |
| asset_macaddress | from_external_id | id |
| _to | macaddress | |
| external_id | id | |
| id | ||
| asset_vulnerability | from_external_id | assetId |
| _to_external_id | id | |
| external_id | id | |
| ipaddress_macaddress | _from | ipaddress |
| _to | macaddress | |
| external_id | id | |
| ipaddress_port | _from | ipaddress |
| _to_external_id | id | |
| external_id | id | |
| ipaddress_vulnerability | _from | ipaddress |
| _to_external_id | id | |
| external_id | id | |
| port_vulnerability | from_external_id | id |
| _to_external_id | id | |
| external_id | id |