Overview

This documentation describes the QRadar Integration for Nozomi Networks Vantage and Sensor (the QRadar Universal Application), which connects IBM QRadar with the Nozomi Networks platform.

The QRadar Universal Application is designed to enhance your security infrastructure. It uses the hypertext transfer protocol (HTTP) OpenAPI to gather critical information from both Vantage and sensor environments, so that you can efficiently monitor asset data and respond to security alerts.

The key features are described below.

Unified alert management

The QRadar Universal Application provides a unified platform that lets you manage alerts and assets that originate from the Nozomi Networks platform. By consolidating data from both Vantage and sensor environments, security teams gain a holistic view of the security posture of their network.

HTTP OpenAPI integration

By using the HTTP OpenAPI, the QRadar Universal Application ensures seamless communication between Nozomi Networks and QRadar. Data retrieval and synchronization are therefore efficient and hassle-free, which provides real-time awareness of security events.

Standardized data format

The data obtained from Vantage and the sensor products is shown in a consistent format that is easy to understand. This uniformity simplifies the monitoring and analysis process, which makes it easier to identify potential security threats.

Alert mapping to QRadar events

All alerts from Nozomi Networks are mapped to QRadar events within the system. This mapping ensures that each alert is treated as a distinct event, which allows for customized alert handling and analysis.

Automatic offense generation

When specific types of alerts are detected, such as Nozomi Networks incident alerts, the QRadar Universal Application raises QRadar offenses. This automated response ensures that potential security incidents are quickly escalated for further investigation.

User-friendly GUI

The QRadar Universal Application has an intuitive graphical user interface (GUI) that gives a clear and organized view of all alert events. You can easily navigate through the alerts and apply various filters to narrow down the results, which makes it easier to identify critical security events.

QRadar workflow integration

You can configure log sources to collect asset and alert data by using the workflows available in the IBM QRadar GitHub repository.