Manage security insights and incident response effectively


Note: This pattern is part of a composite pattern. These are code patterns that can be stand-alone applications or might be a continuation of another code pattern. This composite pattern consists of:

Summary

Today's security information and event management (SIEM) systems have access to a broader knowledge base and are more effective at detecting and logging security data than ever before. Pairing a SIEM with an incident response platform gives security teams a single, streamlined workflow for escalating and managing incidents. In this developer code pattern, learn how to use REST APIs to integrate IBM Resilient Incident Response Platform® with IBM QRadar® SIEM.

Description

In this code pattern, we walk you through the steps to create speed- and location-related offenses on IBM QRadar and send them to placeholder organizations on IBM Resilient Incident Response Platform using our QRadar Resilient Integration Application.

When you have completed this code pattern, you will understand how to:

  • Access the offenses from QRadar using its REST API
  • Create incidents on the IBM Resilient Incident Response Platform using its REST API
  • Send offenses from QRadar to their respective organizations on the IBM Resilient Incident Response Platform

Flow


  1. Get all the offenses from QRadar.
  2. Convert these offenses into IBM Resilient Incident Response Platform incident format.
  3. Send these incidents to their respective organization.
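The three steps above, as an added example that is not the pattern's own integration application: it converts a QRadar offense record into a Resilient incident body, routes it to a placeholder organization by keyword, and keeps the two HTTP calls in separate helpers. The endpoint paths, the SEC/X-sess-id headers, the severity_code ids, the organization ids and the sample offense are all assumptions or constructed values, not taken from the page.

```python
# Added example (not the code pattern's own application). Field names and
# endpoints are assumptions about the QRadar and Resilient REST APIs; verify
# them against the API documentation for your versions.
import json
import urllib.request

QRADAR_OFFENSES = "/api/siem/offenses"            # assumed QRadar endpoint
RESILIENT_INCIDENTS = "/rest/orgs/{org_id}/incidents"  # assumed Resilient endpoint

# Assumed routing: keyword found in the offense -> placeholder organization id.
ORG_BY_KEYWORD = {"speed": 201, "location": 202}
DEFAULT_ORG = 200

# Constructed sample, shaped like a QRadar offense record (not real data).
SAMPLE_OFFENSE = {
    "id": 42, "description": "Vehicle speed exceeded threshold\n", "magnitude": 9,
    "start_time": 1580000000000, "offense_source": "10.0.0.5",
    "categories": ["Speed Violation"],
}

def severity_code(magnitude):
    """Map QRadar magnitude (1-10) to an assumed Resilient severity_code id."""
    if magnitude >= 8:
        return 6  # High
    if magnitude >= 5:
        return 5  # Medium
    return 4      # Low

def route_org(offense):
    """Step 3: pick the organization from the offense categories/description."""
    text = " ".join(offense.get("categories", []) + [offense.get("description", "")]).lower()
    for keyword, org_id in ORG_BY_KEYWORD.items():
        if keyword in text:
            return org_id
    return DEFAULT_ORG

def to_incident(offense):
    """Step 2: convert one QRadar offense into a Resilient incident body."""
    return {
        "name": f"QRadar offense {offense['id']}: {offense['description'].strip()}",
        "description": {"format": "text",
                        "content": f"Source {offense.get('offense_source')}, magnitude {offense.get('magnitude')}"},
        "discovered_date": offense["start_time"],  # both products use epoch milliseconds
        "severity_code": severity_code(offense.get("magnitude", 0)),
    }

def fetch_offenses(qradar_url, sec_token):
    """Step 1: GET offenses; QRadar authenticates with an authorized-service SEC token."""
    req = urllib.request.Request(qradar_url + QRADAR_OFFENSES,
                                 headers={"SEC": sec_token, "Accept": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def post_incident(resilient_url, session_id, org_id, incident):
    """Send one incident; X-sess-id is the Resilient session token (assumed header)."""
    req = urllib.request.Request(resilient_url + RESILIENT_INCIDENTS.format(org_id=org_id),
                                 data=json.dumps(incident).encode(), method="POST",
                                 headers={"X-sess-id": session_id, "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)
```

Run the three helpers in order for each offense returned by fetch_offenses, with to_incident and route_org deciding the body and the target organization.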

Instructions

Ready to get started? See the README for detailed instructions.