Version: 2.12.1

IBM QRadar SIEM


Overview

Superna Security Edition + IBM QRadar SIEM delivers real-time event ingestion from storage-layer detections directly into QRadar. SOC teams gain unified visibility across storage, endpoint, and network domains without manual forwarding or parsing.

Free white-glove setup

We’ll install and validate this integration at no charge so you can see value fast. Next step: book a setup call with Superna.


What You Get

  • Native SIEM ingestion: Zero Trust alerts are forwarded as Universal Event Format (UEF) JSON, which QRadar ingests through an HTTP Receiver log source.
  • Single source of truth: View storage-layer security findings in the same console as network/endpoint events.
  • SOC enrichment: Events include usernames, IPs, file paths, and severity to speed up triage.
  • Actionable context: Payloads link back to the Superna console for click → view → act.
  • Free installation: Superna provides setup while we build a productized, no-code integration.

How It Works

  1. Detect – Superna Security Edition identifies a critical event (e.g., ransomware, mass delete, insider threat) and emits a Zero Trust webhook.
  2. Translate – A lightweight Flask service on the Eyeglass VM receives the webhook payload and converts it into UEF JSON.
  3. Send – The service POSTs the formatted event to QRadar’s HTTP Receiver log source listener (HTTPS recommended).
  4. Ingest & Parse – QRadar’s Universal DSM parses the event, and QRadar correlates it with other SOC data.
  5. Investigate – Analysts pivot back to Superna via the incident URL carried in the event to remediate and recover.
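The following is an added example of the translate-and-send step, written for this page; it is not Superna’s integration service and not code from the original page. It shows the logic a Flask webhook route would call: filter to Critical/Major lockout events (the FAQ recommendation below), flatten the webhook into one level of JSON for the HTTP Receiver, and POST it over verified TLS. Flask itself is left out so the example runs with the standard library alone. The webhook field names (`event_type`, `severity`, `user`, `client_ip`, `path`, `incident_url`), the output field names, the lockout event type names, and the QRadar host and port in the usage call are all assumptions; map them to your real payload and log source.

```python
"""Added example (not Superna's code): Superna Zero Trust webhook -> UEF-style
JSON -> HTTP POST to a QRadar HTTP Receiver log source.
All field and event-type names below are assumptions for illustration.
"""
import json
import ssl
import urllib.request
from datetime import datetime, timezone
from typing import Callable, Optional

# Forward only Critical and Major events, and only lockout-related webhooks,
# as the FAQ recommends. Event type names are assumed, not Superna's.
FORWARDED_SEVERITIES = {"critical", "major"}
LOCKOUT_EVENT_TYPES = {"ransomware_lockout", "mass_delete_lockout", "insider_threat_lockout"}

# QRadar severities run 1..10; mapping chosen here, not a vendor table.
SEVERITY_TO_QRADAR = {"critical": 10, "major": 8, "minor": 5, "info": 2}


def should_forward(webhook: dict) -> bool:
    """Noise filter: drop anything that is not a Critical/Major lockout event."""
    sev = str(webhook.get("severity", "")).lower()
    etype = str(webhook.get("event_type", "")).lower()
    return sev in FORWARDED_SEVERITIES and etype in LOCKOUT_EVENT_TYPES


def translate(webhook: dict) -> dict:
    """Flatten the webhook into a single-level JSON object so the Universal DSM /
    DSM Editor can map each key to a QRadar property (assumed key names)."""
    missing = [k for k in ("event_type", "severity", "user") if k not in webhook]
    if missing:
        raise ValueError(f"webhook missing required fields: {missing}")
    return {
        "devTime": webhook.get("timestamp") or datetime.now(timezone.utc).isoformat(),
        "vendor": "Superna",
        "product": "Security Edition",
        "eventName": webhook["event_type"],
        "severity": SEVERITY_TO_QRADAR.get(str(webhook["severity"]).lower(), 1),
        "usrName": webhook["user"],
        "src": webhook.get("client_ip", ""),
        "filePath": webhook.get("path", ""),
        "incidentUrl": webhook.get("incident_url", ""),  # analyst pivot back to Superna
    }


def send_to_qradar(event: dict, url: str, opener: Optional[Callable] = None,
                   allow_plaintext: bool = False) -> int:
    """POST one event. Refuses plain http:// unless explicitly allowed, and verifies
    QRadar's certificate against the system trust store (no verification bypass)."""
    if url.startswith("http://") and not allow_plaintext:
        raise ValueError("refusing to send events over plaintext HTTP; use https://")
    req = urllib.request.Request(url, data=json.dumps(event).encode(),
                                 headers={"Content-Type": "application/json"}, method="POST")
    ctx = ssl.create_default_context()
    if opener is not None:                      # injectable for offline testing
        return opener(req, ctx)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return resp.status


def handle_webhook(webhook: dict, url: str, opener: Optional[Callable] = None) -> Optional[int]:
    """What a Flask route would do: filter, translate, send. Returns the HTTP
    status from QRadar, or None when the event was dropped by the filter."""
    if not should_forward(webhook):
        return None
    return send_to_qradar(translate(webhook), url, opener=opener)


class RecordingSender:
    """Stand-in for the network call: records decoded events, answers 200."""
    def __init__(self):
        self.events = []

    def __call__(self, req, ctx) -> int:
        self.events.append(json.loads(req.data))
        return 200


# Constructed sample webhook (not a real Superna payload).
SAMPLE_WEBHOOK = {
    "event_type": "ransomware_lockout",
    "severity": "Critical",
    "user": "CORP\\jdoe",
    "client_ip": "10.20.30.40",
    "path": "/ifs/finance/q3-forecast.xlsx",
    "timestamp": "2024-05-01T12:34:56Z",
    "incident_url": "https://eyeglass.example.com/incidents/1234",  # assumed URL
}

if __name__ == "__main__":
    sender = RecordingSender()  # swap for opener=None to really POST
    print(handle_webhook(SAMPLE_WEBHOOK, "https://qradar.example.com:12469/", opener=sender))
    print(json.dumps(sender.events[0], indent=2))
```

The `RecordingSender` exists only so the example runs offline; drop the `opener` argument to POST for real. The port 12469 is whatever listen port you set on the HTTP Receiver log source.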

Architecture / Flow

Components

  • Superna Security Edition – Emits Zero Trust webhooks on critical/major events.
  • Integration Service – Python (Flask) app on the Eyeglass VM that receives the webhooks and formats events as UEF JSON for QRadar.
  • IBM QRadar SIEM – Ingests via HTTP Receiver Log Source, parses with DSM, and correlates.

FAQs

Do I need to configure a QRadar DSM?

Yes. Create an HTTP Receiver log source that uses the Universal DSM, then use the DSM Editor to map the JSON keys in each event (event name, severity, username, source IP, file path) to QRadar properties so they populate the standard event fields and can be used in rules and searches.

What events should I forward?

We recommend forwarding only Critical and Major events, and only lockout-related webhooks, to keep noise out of QRadar.

Does this integration support TLS?

Yes. Use https:// in HTTP_SERVER_URL and enable HTTPS on the QRadar HTTP Receiver log source with a certificate the Eyeglass VM trusts. Keep certificate verification on in the integration service rather than disabling it; a plain http:// listener sends usernames, IPs and file paths in cleartext.