Digital Developer Conference: Cloud Security 2021 -- Build the skills to secure your cloud and data Register free

Manage security insights and incidence response effectively

Note: This pattern is part of a composite pattern. These are code patterns that can be stand-alone applications or might be a continuation of another code pattern. This composite pattern consists of:


Today’s security information and event management (SIEM) systems have access to a broader knowledge base and are more effective in detecting and logging data than ever before. Pairing a SIEM with an incident response platform creates a powerful platform that enables security teams to simplify and streamline the process of escalating and managing incidents. In this developer code pattern, learn how to use REST APIs to integrate IBM Resilient Incident Response Platform® with IBM QRadar® security information and event management.


In this code pattern, we walk you through the steps to create speed- and location-related offences on IBM QRadar and send them to placeholder organizations on IBM Resilient Incident Response Platform using our QRadar Resilient Integration Application.

When you have completed this code pattern, you will understand how to:

  • Access the offenses from QRadar using REST API
  • Create incidents on the IBM Resilient Incident Response Platform using REST API
  • Send offenses from QRadar to their respective organizations on the IBM Resilient Incident Response Platform



  1. Get all the offenses from QRadar.
  2. Convert these offenses into IBM Resilient Incident Response Platform incident format.
  3. Send these incidents to their respective organization.


Ready to get started? See the README for detailed instructions.