Blog

How to Add Behavioral Threat Detection to Your SIEM

The ExtraHop App for IBM QRadar

Stephen DeSanto

May 13, 2019

IBM QRadar SIEM provides security teams with a platform for correlating events and intelligence from throughout the IT environment, and coordinating detection and response workflows. However, the modern attack surface is vast and permeable. When an attacker makes it inside your network, SIEM tools need to detect the subtle behaviors that indicate an attack in progress, especially when it comes to unknown threats. That's why leading SIEM vendors recommend augmenting your existing data with network traffic analysis to protect critical assets and drive proactive security.

The ExtraHop app for IBM QRadar SIEM is engineered to make your professional life easier and your organization more secure by seamlessly integrating ExtraHop Reveal(x), network traffic analysis for the enterprise, with IBM QRadar. Reveal(x) applies machine learning and other analysis to east-west traffic for real-time detection of known and unknown threats, complementing QRadar's existing dataset with rich transactional data from the network, advanced behavioral analytics, and guided investigations.

How It Works + Why It's Valuable + How to Get Started

How It Works

There are two components to the integration:

The ExtraHop App for QRadar contains a "Device Support Module" for Reveal(x) detections that provides a data model allowing QRadar to parse the message it receives from ExtraHop, and it allows you to save detections as QRadar log events.
The ExtraHop Detection SIEM Connector bundle contains a trigger which executes every time the ExtraHop appliance creates or updates a detection. The trigger formats a message containing the detection data and sends it to QRadar via the Syslog protocol.

Why It's Valuable

The ExtraHop App for IBM QRadar combines what Reveal(x) does best — providing complete visibility, real-time detection, and guided investigation — with IBM QRadar's best-in-class security information and event management capabilities.

By automatically importing real-time Reveal(x) detections to a tab conveniently located in your QRadar user interface, you gain a complete picture of suspicious or anomalous behavior anywhere in your enterprise environment:

When you need to dig deeper, you can easily pivot to ExtraHop and drill down into context-rich packets for forensic detail:

How to Get Started

To start using the ExtraHop App for IBM QRadar:

Visit the ExtraHop Bundles Gallery to download the ExtraHop Detection SIEM Connector bundle.
Visit the IBM Security App Exchange to download the ExtraHop App for IBM QRadar.
Be sure to check out our ExtraHop and IBM QRadar SIEM Integration Video.

If you would like more information about the ExtraHop App for IBM QRadar, please visit our QRadar integration page.

Discover more

CybersecurityRevealXTechNTA

Explore related articles

How Network Detection & Response Supports the CIS Top 20 Controls

March 14, 2019

Learn how network detection & response (NDR) solutions are the easiest way to get the most CIS Top 20 Control coverage in a short amount of time.

RevealXCybersecurityNTASecurity FrameworksNDR

Read article

Show and Tell: What a Live Attack Simulation Looks Like in Reveal(x)

February 12, 2019

Our online demo now features a live attack simulation where you can observe a hacker doing her job: exploiting a Drupal vulnerability, installing custom executables through PsExec, and more.

CybersecurityRevealXNTATech

Read article

Hacker, Interrupted

January 31, 2019

What happens when you find a data leak in your own environment? Learn how I used ExtraHop Reveal(x) to catch the fake Postman Chrome extension.

TechCybersecurityNTARevealX

Read article

Experience RevealX NDR for Yourself

Schedule a demo

RevealX platform

Deployment

Integrations

Experience NDR

Capabilities

FAQs

Intrusion Detection System

Forensics

Experience NPM

Capabilities

FAQs

Forensics

Solutions

Ransomware Attacks

Advanced Threat Hunting

Threat Detection and Response

Network Forensics and Investigation

Security Hygiene

Cloud Workload Security

Operational Resilience

Troubleshooting and Resolution

Cloud Migration

Cloud Workload Monitoring

Network Forensics

Zero Trust

Multicloud & Hybrid Cloud Security

XDR Strategy

SOC Modernization

Digital Transformation

Financial Services

Education

Public Sector

Federal Civilian Agencies

Defense and Intelligence

State and Local Government

Why ExtraHop

Customer Stories

News

Careers

Technology Partners

Channel Partners

Managed Service Providers

Service Credits

Resident Experts

Deployments

Customer Community

Technical Support

Education Services

C-Level

Security Threats

Company

Products

How-To

NDR

NPM

Ransomware

Zero Trust

Reports

Demos & Videos

Customer Stories

Webinars

Papers & E-books

Data Sheets

Experience NDR

Capabilities

FAQs

Intrusion Detection System

Forensics

Experience NPM

Capabilities

FAQs

Forensics

Ransomware Attacks

Advanced Threat Hunting

Threat Detection and Response

Network Forensics and Investigation

Security Hygiene

Cloud Workload Security

Operational Resilience

Troubleshooting and Resolution