QDATA LDAP Data Enrichment
QDATA LDAP Data Enrichment for IBM Security QRadar SIEM is an application that synchronizes the content of QRadar Reference Sets and Tables with information from Active Directory and other LDAP-based stores.
QDATA supports multiple tasks for either periodic or scheduled synchronizations, complex LDAP queries, advanced configuration, per-task statistics, and in-app logging.
QDATA is vital for developing rules that depend on a specific account type or group of users.
Use Cases Include:
- Someone with a Windows administrative account is accessing restricted servers;
- Users from the HR department are logged in to the Sales file server;
- The Exchange server admin is accessing another person’s mailbox.
With a simple flat list of usernames (a reference set), it is just a matter of configuring the proper LDAP query in QDATA and adding a rule test such as “when any of Username is contained in any of Corp_Admin_Accounts”.
QRadar Native Alternatives
The official QRadar LDAP extension provides imported data in a format that cannot be used in correlation rules.
QDATA is a free application by ScienceSoft. Open Source / Apache 2.
IBM App Exchange
QDATA LDAP Data Enrichment is officially available at IBM Security App Exchange. Please follow the link to download it now.