QRadar integration overview
The QRadar® Security Intelligence Platform serves as a control center that integrates real-time security intelligence data to include more than 400 different sources. With security intelligence, companies can automatically alert security teams to unpatched Web applications that risk being attacked by known application-layer exploits that AppScan® Enterprise has identified. This integration enables QRadar Offence Manager to determine if observed malicious traffic to a Web application could potentially lead to an exploit and then report this as a high-risk incident to the network administrator.
About this task
QRadar uses REST APIs available for Applications
in monitor view of AppScan Enterprise to pull issues. In AppScan Enterprise, the
QRadar users should have access to these applications. QRadar looks for Hosts application attribute and pulls the data only if this attribute
is populated with IP address of the box where the target application is installed.
Note: When QRadar imports the report results, any SAST findings are not
used because they are not associated with a URL, and hence they cannot be mapped to an IPv4 address
in QRadar.