IBM QRadar
Integration guide
Licenses:
IBM license: IBM QRadar SIEM
Version 7.2.8 or higher
Everbridge license: Active IT Alerting standard or IT Alerting enterprise
Version: SaaS Annual Subscription (latest version).
Security:
- An IBM QRadar administrator account must be used to install and configure the extension
- An IBM QRadar Authorized Service and corresponding Authorized Service Token are required in order to use this extension
- Everbridge user account with API Privileges
- An API key is needed, but that will be generated when you perform the procedures in the iPaaS Configuration section of the Everbridge user guide under Documentation at https://manager.everbridge.net/login
Deployment
A distributable archive and documentation for installing and configuring the integration is available on the IBM X-Force App Exchange.
Inbound Interaction
User can control the conditions under which IBM QRadar automatically triggers incident creation in Everbridge:
Outbound Interaction
Everbridge incident and notification delivery details are available in the IBM QRadar offense details:
When the delivery details URL is visited, a page like the following is displayed:
You can configure the IBM QRadar integration and choose whether or not Everbridge incidents are automatically created from IBM QRadar offenses:
You can also customize the fields that are sent to Everbridge:
And you can manually create an incident from an IBM QRadar offense details page:
Documentation
Under Help & Support -> Online Help, read the following section:
Under Help & Support -> Everbridge Support Center, download the IT Alerting User Guide, and read the following section:
Download the Admin Guide for the IBM QRadar Integration from IBM’s X-Force App Exchange.
