IBM QRadar Tools by ScienceSoft

The advanced monitoring tool for IBM QRadar self-audit and fine-tuning with over 60 behavioral metrics and 25 health markers. QLEAN delivers a 360-degree view of your SIEM adding unique value to deployments of all sizes, identifies low performing components, and helps create actionable remediation steps. The product has a proven track record reducing both risk and cost by freeing up time (up to 250-300 hours per year per client) and eliminating time-consuming routine maintenance and investigations.

ScienceSoft application that enhances IBM QRadar functionality by making it easy to manage user sessions and actions. QSM investigates security events via session information even when user name is not available in log messages. The tool saves up to three hours daily for analysts who perform and process all searches manually due to the absence of such functionality in native QRadar.

QIN is the most effective and flexible alternative to the part of the native IBM QRadar functionality responsible for notifying users about security incidents. It is a highly customizable tool for triggering and assigning offenses to analysts based on a variety of key metrics. The application simplifies performing administrators’ tasks and sending alerts not only via email but also using Jira, MS Teams, Slack, Twilio SMS, and Telegram.

QOR creates a full snapshot of all Offenses in IBM QRadar representing an entire history of changes. The tool’s main function is to generate Excel reports for Offenses by schedule and send them via email. QOR exports various useful data into its complex reports, including notes, closing reasons, offense rule name, etc.

The most effortless way to get a full picture of Log Sources by generating periodical configurable reports in the Excel format and receiving them via email. Advanced QLSI reports are convenient for analysis and contain unique information not available from standard exports, e.g. EPS values per each log source.

The best solution for collecting data in near-real time from MS Exchange Admin and Mailbox Audit which is not available via standard IBM QRadar protocols. QMEA does not just show raw statistics as-is, it processes, transforms, and represents valuable information in an easy-to-view format via Syslog.

QVTI is meant to facilitate checking process hashes against the VirusTotal database not extracting them manually but using its public API. The application enriches IBM QRadar with important data for malicious software relying on the Sysmon log data collected with WinCollect agents.

The extension for IBM QRadar that synchronizes Active Directory and LDAP-based storage information with QRadar Reference Sets and Tables. Multitasking QDATA covers periodic and scheduled sync-ups, complex LDAP queries and configuration, per-task statistics, and in-app logging. The tool is vital for developing rules that depend on a specific account type or a group of users.

ScienceSoft tool designed for monitoring inbound and outbound connections to Darknet via TOR relay and exit nodes. QTOR automates daily manual routine related to gathering and processing information from public sources. The solution combines an IBM QRadar application with two custom rules required for a continuous check of various TOR connections.

QDGA is designed to gather rules and reference sets and detect suspicious domain names created by Domain Generation Algorithms. This application is a lightweight alternative to QRadar DNS Analyzer application that works with processing DGA.

A breakthrough among IBM QRadar extensions that helps users automatically install and configure unmanaged IBM WinCollect agents and corresponding Log Sources. QWAD saves a huge amount of time and efforts in manual labor, which can be invested into use case development instead, and makes the integration of third-party agents into the corporate network an easy process.

Another ScienceSoft solution in the line-up of IBM QRadar notification tools. QMLA shows users comprehensive information about Log Sources that stopped receiving events, and precise time when it happened. The application uses QRadar log source groups and specifies a timeout for each group individually generating and sending notifications via a set of rules shipped with the software package.

A new solution for IBM QRadar SIEM by ScienceSoft that detects and notifies in time users via email about long-lasting active searches in the system. QSSA features are not currently available in the native QRadar and enhance its functionality.

One of ScienceSoft key solutions created for monitoring the number of events received by each log source and exceeding a configurable EPS threshold. Top QLED features allow users to request information via IBM QRadar API, store EPS statistics data in a built-in database and visualize it via charts in a new QRadar tab.

The application for IBM QRadar designed for creating a list of all offenses generated by a specific rule. QFSO is useful for speeding up offense investigations and rules tuning. Its functionality is unique as QRadar does not have such features and analysts would have to manually search for similar offenses.

QEFC by ScienceSoft allows users to temporarily prevent rules from generating new offenses for specific offense sources (username, IP address, etc.). This extension for IBM QRadar is useful when the incident response team has already identified a compromised host or username and do not need further notifications for the same source until the asset is fully recovered.