
IBM SOAR integration

It would be nice to have an integration between IBM SOAR and Sophos Central to collect all the events, alerts and XDR logs.

A SOC team would have a better overview to check the security level of the infrastructure.



This thread was automatically locked due to age.
  • IBM SOAR I assume is QRadar integration.

    QRadar has a SIEM integration for the on-prem SEC product, https://www.ibm.com/docs/en/dsm?topic=sophos-enterprise-console

    but not for the Sophos Central product yet. To build one we would need to leverage the QRadar Universal Cloud Connector, which can pull in data via an API, but requires a custom integration (DSM).

    Can you add more information on the use case?

    • Hi Karl,

      The IBM Security SOAR is different from IBM QRadar. Is it possible to integrate the IBM SOAR with Sophos Central Cloud in order to have a quicker response following an incident?

      Regarding the QRadar integration, is there a KB for the configuration of the Universal Cloud Connector and the creation of a custom DSM?

      Thanks