Sophos Endpoint

Discussions IBM SOAR integration

Sophos Endpoint requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 2 replies
Subscribers 14 subscribers
Views 2672 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IBM SOAR integration

Luca Comellini over 2 years ago

It would be nice to have an integration between IBM Soar and Sophos Central to collect all the events, alerts and XDR logs.

A SOC team would have a better overview to check the security level of the infrastructure.

This thread was automatically locked due to age.

0 Karl_Ackerman over 2 years ago

IBM Soar I assume is QRadar integration.

QRadar has a SIEM integration for the on-prem SEC product,https://www.ibm.com/docs/en/dsm?topic=sophos-enterprise-console

but not for the Sophos Central product yet. To build one we would need to leverage the QRadar Universal Cloud Connector, which can pull in data via an API, but requires a custom integration (DSM).

Can you add more information on the use case?
Cancel
Vote Up 0 Vote Down

Cancel
0 Luca Comellini over 2 years ago in reply to Karl_Ackerman

Hi Karl,

The IBM security SOAR is different from IBM Qradar. Is it possible to integrate the IBM SOAR with Sophos Central Cloud in order to have a quicker response following an incident?

Regarding the Qradar integration, is there a KB for the configuration of the Universal Cloud Connector and the creation of a custom DSM?

Thanks
Cancel
Vote Up 0 Vote Down

Cancel