These IBM Security QRadar add-ons enhance the capabilities of your Security Information and Event Management (SIEM) solution by giving you greater insight and a more proactive role in your organization's IT security.
IBM QRadar Advisor with Watson
Using artificial intelligence (AI) and machine learning, focus your team's efforts on critical security concerns while Advisor handles repetitive security operations center (SOC) threats. Drive consistent and thorough investigations, and reduce dwell times for a more decisive escalation process.
IBM QRadar Incident Forensics
Retrace a cybercriminal's actions for deep insights into the breach, reconstruct the data involved in a security incident for a step-by-step view of the offense, and give IT security teams greater visibility even without special skills or training.
IBM QRadar Data Store
Cost-effectively collect, parse and store large volumes of security and IT operations data. Use AI to generate deeper insights during investigations, and quickly build custom applications to address whatever security and IT operations concerns your business has.
IBM QRadar Data Synchronization App
Improve IT resiliency and disaster recovery. This app enables you to easily and cost-effectively copy data (events and flows) and configuration files between primary (active) and secondary (disaster recovery) QRadar deployments. You can also manage which deployment is active in case of a disaster or human error, or when testing your data resiliency capabilities.
Cargills Bank was able to leapfrog limitations by using IBM QRadar SIEM and QRadar Advisor with Watson to receive prioritized, real-time alerts and shorten investigation time.
Frequently asked questions
How is Data Store configured to separate data for storage from data for analysis?
Data Store is configured using a simple collection filter in QRadar. By selecting the data source or the event criteria from the data source, you can easily define which data is sent directly to Data Store. This filter can be changed at any time and immediately pushed into production.
Do the apps I install from the App Exchange use Data Store data?
Some do and some do not. Because Data Store data does not go through analysis or correlation, analytics-driven apps may not be able to fully use data collected using Data Store. All other capabilities, such as reporting, parsing, custom properties and dashboards, should work as expected.
What version of QRadar is necessary to use Data Store?
Customers must be using QRadar 7.3.1 or higher.
What types of appliances support the Data Store capability?
Data Store is a QRadar licensing overlay that uses existing storage and processing capacity on event processors and data nodes to collect, process and store data identified for Data Store. No new appliances are required, but additional data nodes may be purchased to support data storage needs.
What capabilities of QRadar will work with Data Store collected data?
Data Store is primarily used for log management, so its data is excluded from correlation and advanced security analytics capabilities. However, Data Store data can be used by most other capabilities, such as searching, reporting and visualization, as well as with custom applications built using the QRadar App Framework.