Automatically enrich offense notes so that users save time and effort while gaining the insights they need to rapidly isolate affected assets, accelerate remediation and minimize potential damage.
SIEM solutions aggregate event data produced by security devices, network infrastructure, systems, and applications. While the primary data source is log data, SIEM technology can also process other forms of data, such as IT asset data from Lansweeper. With Lansweeper data delivered automatically along with QRadar alerts, users save time and effort while gaining the insights they need to rapidly isolate affected assets, accelerate remediation and minimize potential damage.
Lansweeper App for QRadar is freely available to the security community through IBM Security App Exchange, a marketplace where developers across the industry can share applications based on IBM Security technologies. By downloading the app, users will gain the option to configure QRadar to establish connectivity with Lansweeper, enabling up-to-the-minute, complete, and accurate IT asset data to flow effortlessly into the QRadar solution and automatically enrich offense notes.
Lansweeper App for QRadar enables event data to be combined with contextual information from Lansweeper about users, assets, and vulnerabilities, which can be analyzed for insights that enhance network security event monitoring, user activity monitoring, and compliance reporting. It uses the IP/MAC address to fetch Lansweeper enrichment data and populate the information in SIEM alerts. This enables security analysts to access contextual data right from within their SIEM solution, eliminating the need to spend time and effort chasing that information down.
Key Integration Features
Lansweeper App for QRadar – QRadar v7.4.1FP2+ allows users to fetch context information from the Lansweeper platform for IP and MAC addresses that exist in offenses generated from event logs associated with different log sources.
Offense notes are populated with the Lansweeper context information for those IP and MAC addresses, giving SOC analysts the information they need to take further action.
Requirements
Lansweeper App for QRadar – QRadar v7.4.1FP2+ (v1.0.0)