Integration between QRADAR with ServiceNow

Neha52 · ‎01-22-2019

Hi all,

How we can do integration between QRadar with Servicenow. If anybody has been done please share the document as well. I got something from servicenow doc, but i am unable to understand properly. Please help..

Thanks for the advance.

Regards,

Neha

shubham jagtap · ‎01-22-2019

Hi,

QRadar integration setup

Before you can use the QRadar integration, you must activate the plugin and configure the integration. If necessary, you can also update your X509 SSL certification

Activate and configure the IBM QRadar SIEM integration

The Integration Configuration feature allows you to quickly activate and set up third-party security integrations, including Security Operations QRadar Integration.

Before you begin

Role required: admin

Note: This procedure can be used to activate the plugin and configure the integration. You can also activate the plugin using the traditional method.

Procedure

Navigate to Security Operations > Integration Configuration.
The available security integrations appear as a series of cards.
In the QRadar card, click Install Plugin.
In the Install IBM QRadar - Enrichment integration dialog box, review the plugin details and click Activate.
When the activation is complete, click Close & Reload Form.
The Security Integration screen reloads and the Configure button for the integration is available.
Click Configure.
Fill in the fields on the form, as appropriate.
Click Submit

you can refer below link:

https://docs.servicenow.com/bundle/istanbul-security-management/page/product/qradar-integration/concept/set-up-qradar.html

https://www-01.ibm.com/support/docview.wss?uid=swg21997981

https://www-01.ibm.com/support/docview.wss?uid=swg21969815

https://www.youtube.com/watch?v=7wAE4TnyERI

https://www.youtube.com/watch?v=WR1AsL8ia7U

https://docs.servicenow.com/bundle/istanbul-security-management/page/product/qradar-integration/task/set-up-qradar.html

https://docs.servicenow.com/bundle/istanbul-security-management/page/product/qradar-integration/concept/ibm-qradar-siem-integration.html

https://docs.servicenow.com/bundle/istanbul-security-management/page/product/qradar-integration/reference/qradar-landing-page.html

https://exchange.xforce.ibmcloud.com/hub/extension/ServiceNow:ServiceNow%20Security%20Operations%20for%20IBM%20QRadar

After going throw this mark it as correct/helpfull .

Thank You.

View solution in original post

Tammy Hope · ‎09-30-2019

You can also check out the certified app in the ServiceNow store - https://store.servicenow.com/sn_appstore_store.do#!/store/application/701b840bdb05778072a7ff00ba96199c/2.0.6?referer=sn_appstore_store.do%23!%2Fstore%2Fsearch%3Fq%3Debridge%2520qradar

Key Features

Champion Solutions Group provides a dynamic, real-time interface connecting the IBM QRadar enterprise SIEM with ServiceNow.

CMDB Discovery of assets
CMDB Relationship mapping of QRadar related lists
Asset Model
- Type
- Name
- Value
- Reported Times
- Scanner Values
Offenses
- Source and Destination Data
- Categories
- Status and Severity
- Event Count
- Credibility, Relevance and Magnitude
- Associate any CI (IP or hostname) from asset model
Vulnerability
- CVE
- PCI Severity
- Numbers (Open Services Vul, Overdue, Unassigned
- Risk Factor
Custom configuration and setup
Service Catalog
- Services Request (port scan, dns, whois and geo)
- Asset Request

Compatibility New York, Madrid and London

Hareesh Namavar · ‎02-03-2021

Hi,

A new app for QRadar integration was released last year.

Link to store app:

https://store.servicenow.com/sn_appstore_store.do#!/store/application/47383796c7340010c20eb5a827c2606e/10.4.1?referer=%2Fstore%2Fsearch%3Flistingtype%3Dallintegrations%25253Bancillary_app%25253Bcertified_apps%25253Bcontent%25253Bindustry_solution%25253Boem%25253Butility%26q%3DQRadar%2520offense&sl=sh

Regards

Hareesh