Overview

These IBM Security QRadar add-ons enhance the capabilities of your Security Information and Event Management (SIEM) solution by giving you greater insight and a more proactive role in your organization's IT security.

IBM QRadar Advisor with Watson

IBM QRadar Incident Forensics

IBM QRadar Data Store

IBM QRadar Data Synchronization App

Client stories

Frequently asked questions

How is Data Store configured to separate data for storage from data for analysis?

Data Store is configured using a simple collection filter in QRadar. By selecting the data source or the event criteria from the data source, you can easily define which data is sent directly to Data Store. This filter can be changed at any time and immediately pushed into production.

Do the apps I install from the App Exchange use Data Store data?

Some do and some do not. Because Data Store data does not go through analysis or correlation, analytics-driven apps may not be able to fully use data collected using Data Store. All other capabilities, such as reporting, parsing, custom properties and dashboards, should work as expected.

What version of QRadar is necessary to use Data Store?

Customers must be using QRadar 7.3.1 or higher.

What types of appliances support the Data Store capability?

Data Store is a QRadar licensing overlay that uses existing storage and processing capacity on event processors and data nodes to collect, process and store data identified for Data Store. No new appliances are required, but additional data nodes may be purchased to support data storage needs.

What capabilities of QRadar will work with Data Store collected data?

Data Store is primarily used for log management, so its data is excluded from correlation and advanced security analytics capabilities. However, Data Store data can be used by most other capabilities, such as searching, reporting and visualization, as well as with custom applications built using the QRadar App Framework.