Skip to content

Interpres Application - QRadar

  • Type: SIEM/Data Lake
  • Vendor: QRadar

This app integrates with QRadar to get Detections and Alerts.

Vendor setup

  1. Create an authorized service token
  2. Add a role with permission to read rules and offenses.

App Configuration

App Parameters:

  • Base URL: The URL to the source instance using the following format http[s]://\<server name or ip>:\<port>
  • Secret: An authorized services token
  • Api Version: QRadar version has a REST API with format XX.X, defaults to 26.0.
  • Proxy: A valid proxy server using the following format http[s]://\<server name or ip>:\<port>
  • Verify Server Cert: If enabled Interpres will verify the SSL certificate of the QRadar server

App Validation

Check there is connectivity (green light) in the integration created.

Implemented Actions

  • Get Detections: Gets Detections (QRadar Rules).

  • Get Alerts: Gets Alerts (QRadar Offenses) which are triggered rules that generate insights.