Angel R
Tera Expert

We are using the SIEM solution QRadar, and we need to come up with a solution that pulls the event logs from the syslog and sysevent tables in ServiceNow.

We're interested in user events to begin with. Do you know if the "IBM QRadar Integration for Security Operations" plugin allows that, or is this just to push information from QRadar? Is there any other solution OOTB to do that?

Thanks in advance.

Kind Regards.

Comments
Rahul Priyadars
Giga Sage

We have done a similar integration with Splunk using a connector; refer to the community thread - https://community.servicenow.com/community?id=community_question&sys_id=f5d9f3c01be48950aefc11751a4bcb1b

In the case of IBM QRadar, the connector is to push from QRadar to the Sec-Ops module, not the other way around as you are looking for.

Probably a REST GET call from QRadar to ServiceNow conceptually works, but it's tricky to set how frequent.

We're interested in user events to begin with, do you know if "IBM QRadar Integration for Security Operations" plugin allows that --> NO OOTB.

See if it helps you - https://docs.servicenow.com/en-US/bundle/sandiego-platform-administration/page/integrate/vendor-specific-integrations/reference/r_SyslogProbe.html

Regards

RP
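
The REST GET polling idea from the reply above, as an added example that is not part of the thread and is not ServiceNow or IBM code: the collector keeps a checkpoint (last `sys_created_on` plus the `sys_id`s already sent at that second), so the polling interval can be chosen freely without missing or duplicating rows, and each row is rendered as a LEEF line for QRadar. The instance URL, the selected columns, the `parm1` LEEF key and the sample rows are assumptions.

```python
import json
import urllib.parse
import urllib.request

INSTANCE = "https://instance.example.com"  # placeholder, not a real instance
FIELDS = "sys_id,sys_created_on,sys_created_by,name,parm1"  # assumed columns of interest
STRIP = {9: " ", 10: " ", 13: " ", 124: " "}  # tab, LF, CR, pipe become spaces

def build_url(table, since, limit=1000):
    """Table API query: rows created at or after the checkpoint, oldest first."""
    query = f"sys_created_on>={since}^ORDERBYsys_created_on"
    params = {"sysparm_query": query, "sysparm_fields": FIELDS, "sysparm_limit": limit}
    return f"{INSTANCE}/api/now/table/{table}?{urllib.parse.urlencode(params)}"

def http_fetch(url, auth_header):
    """Live fetch for a read-only integration account; wrap it (for example with
    functools.partial) to pass it to poll(), which calls fetch(url)."""
    req = urllib.request.Request(url, headers={"Accept": "application/json",
                                               "Authorization": auth_header})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["result"]

def poll(fetch, state, table="sysevent"):
    """One cycle. state = {"since": timestamp, "seen": sys_ids already sent at it}."""
    fresh = [r for r in fetch(build_url(table, state["since"]))
             if r["sys_id"] not in state["seen"]]
    for r in fresh:
        if r["sys_created_on"] > state["since"]:  # checkpoint moves forward
            state["since"], state["seen"] = r["sys_created_on"], []
        state["seen"].append(r["sys_id"])
    return fresh

def to_leef(row):
    """Render one row as a LEEF 1.0 line. Delimiter and control characters are
    replaced so a field value cannot inject extra attributes or log lines."""
    attrs = {"devTime": row["sys_created_on"], "usrName": row.get("sys_created_by", ""),
             "parm1": row.get("parm1", "")}  # parm1 is a custom, non-predefined key
    body = "\t".join(f"{k}={str(v).translate(STRIP)}" for k, v in attrs.items())
    event_id = str(row.get("name", "unknown")).translate(STRIP)
    return f"LEEF:1.0|ServiceNow|sysevent|1.0|{event_id}|{body}"

# Constructed sample rows standing in for a Table API response.
SAMPLE = [
    {"sys_id": "a1", "sys_created_on": "2022-04-12 05:46:00", "sys_created_by": "alice", "name": "login", "parm1": "ok"},
    {"sys_id": "a2", "sys_created_on": "2022-04-12 05:46:00", "sys_created_by": "bob", "name": "login.failed", "parm1": "bad"},
    {"sys_id": "a3", "sys_created_on": "2022-04-12 05:46:01", "sys_created_by": "alice", "name": "logout", "parm1": "ok"},
]

def fake_fetch(url):  # offline stand-in for http_fetch that honours the checkpoint
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)["sysparm_query"][0]
    since = query.split(">=")[1].split("^")[0]
    return [r for r in SAMPLE if r["sys_created_on"] >= since]
```

Persist `state` between runs (a small file is enough) so a restart of the collector resumes from the last checkpoint.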

Angel R
Tera Expert

Thank you for your comment Rahul.

Version history
Last update: 04-12-2022 05:46 AM