Overview
IBM QRadar is an enterprise security information and event management (SIEM) product.
QRadar collects log data from an enterprise, its network devices, host assets and operating systems, applications, vulnerabilities, and user activities and behaviors to then perform real-time analysis of the log data and network flows to identify malicious activity so that these can be stopped quickly, minimizing, or altogether preventing damage to the organization.
QRadar uses rules to monitor information security events and network flows to detect security threats. When events and flows meet the test criteria that are defined in the ruleset, an offense is created to show that a security attack or policy breach is suspected.
The IBM QRadar integration for Maltego provides context for events and offenses helping improve investigations by mapping complex relationships.
The IBM QRadar Enterprise integration for Maltego enable security teams to extract and map host assets, IP addresses, hashes, operating systems, vulnerabilities and other IOCs from event logs and offenses.
Using these Transforms, investigators and analysts can query offenses from a given QRadar Instance, find the related events for those offenses, bring in the IOCs into Maltego, and leverage our wide variety of data sources to augment and enrich their investigations.
You can read more about the IBM QRadar Transforms on our website here.
Pricing and Access
Please note that this integration is available for Maltego Enterprise plan users only. Kindly reach out to support@maltego.com to learn more about accessing this integration.
To Assets [IBM QRadar]
Description
Returns the assets on the QRadar instance
| QRadar Endpoint |
string |
|
True |
False |
true |
| Token |
string |
|
True |
False |
true |
| Display Name |
To Assets [IBM QRadar] |
| Owner |
|
| Author |
Maltego |
| Data Source |
IBM QRadar |
| Transform Name |
qradar.instanceToAssets |
| Input Entities |
maltego.ibm.qradar.Instance |
| Output Entities |
maltego.ibm.qradar.Asset |
| Short Description |
Returns the assets on the QRadar instance |
To Source IP Address [IBM QRadar]
Description
Returns the event source IP address
| Display Name |
To Source IP Address [IBM QRadar] |
| Owner |
|
| Author |
Maltego |
| Data Source |
IBM QRadar |
| Transform Name |
qradar.eventToSourceIpAddress |
| Input Entities |
maltego.ibm.qradar.Event |
| Output Entities |
maltego.IPv4Address, maltego.IPv6Address |
| Short Description |
Returns the event source IP address |
To Close Date [IBM QRadar]
Description
Returns the offense close date
| Display Name |
To Close Date [IBM QRadar] |
| Owner |
|
| Author |
Maltego |
| Data Source |
IBM QRadar |
| Transform Name |
qradar.offenseToCloseDate |
| Input Entities |
maltego.ibm.qradar.Offense |
| Output Entities |
maltego.DateTime |
| Short Description |
Returns the offense close date |
To Events as Destination IP [IBM QRadar]
| QRadar Endpoint |
string |
|
True |
False |
true |
| Search Date Range |
daterange |
|
false |
true |
false |
| Token |
string |
|
True |
False |
true |
| Display Name |
To Events as Destination IP [IBM QRadar] |
| Owner |
|
| Author |
Maltego |
| Data Source |
IBM QRadar |
| Output Entities |
maltego.ibm.qradar.Event |
Variants
| qradar.destinationIpv6AddressToEvent |
maltego.IPv6Address |
Returns the events with the given IPv6 address |
| qradar.destinationIpv4AddressToEvent |
maltego.IPv4Address |
Returns the events with the given IPv4 address |
To Events as Source IP [IBM QRadar]
| QRadar Endpoint |
string |
|
True |
False |
true |
| Search Date Range |
daterange |
|
false |
true |
false |
| Token |
string |
|
True |
False |
true |
| Display Name |
To Events as Source IP [IBM QRadar] |
| Owner |
|
| Author |
Maltego |
| Data Source |
IBM QRadar |
| Output Entities |
maltego.ibm.qradar.Event |
Variants
| qradar.sourceIpv4AddressToEvent |
maltego.IPv4Address |
Returns the events with the given IPv4 address |
| qradar.sourceIpv6AddressToEvent |
maltego.IPv6Address |
Returns the events with the given IPv6 address |
To Local Destination Addresses [IBM QRadar]
Description
Returns the destination IP addresses in an offense
| QRadar Endpoint |
string |
|
True |
False |
true |
| Token |
string |
|
True |
False |
true |
| Display Name |
To Local Destination Addresses [IBM QRadar] |
| Owner |
|
| Author |
Maltego |
| Data Source |
IBM QRadar |
| Transform Name |
qradar.offenseToLocalDestinationAddresses |
| Input Entities |
maltego.ibm.qradar.Offense |
| Output Entities |
maltego.Ipv4Address, maltego.Ipv4Address |
| Short Description |
Returns the destination IP addresses in an offense |
To Source Port [IBM QRadar]
Description
Returns the event source port
| Display Name |
To Source Port [IBM QRadar] |
| Owner |
|
| Author |
Maltego |
| Data Source |
IBM QRadar |
| Transform Name |
qradar.eventToSourcePort |
| Input Entities |
maltego.ibm.qradar.Event |
| Output Entities |
maltego.Port |
| Short Description |
Returns the event source port |
To Destination IP Address [IBM QRadar]
Description
Returns the event destination IP address
| Display Name |
To Destination IP Address [IBM QRadar] |
| Owner |
|
| Author |
Maltego |
| Data Source |
IBM QRadar |
| Transform Name |
qradar.eventToDestinationIpAddress |
| Input Entities |
maltego.ibm.qradar.Event |
| Output Entities |
maltego.IPv4Address, maltego.IPv6Address |
| Short Description |
Returns the event destination IP address |
To Category [IBM QRadar]
Description
Returns the offense category
| Display Name |
To Category [IBM QRadar] |
| Owner |
|
| Author |
Maltego |
| Data Source |
IBM QRadar |
| Transform Name |
qradar.offenseToCategory |
| Input Entities |
maltego.ibm.qradar.Offense |
| Output Entities |
maltego.ibm.qradar.Tag |
| Short Description |
Returns the offense category |
To Log Source [IBM QRadar]
Description
Returns the log source for the offense
| Display Name |
To Log Source [IBM QRadar] |
| Owner |
|
| Author |
Maltego |
| Data Source |
IBM QRadar |
| Transform Name |
qradar.offenseToLogSource |
| Input Entities |
maltego.ibm.qradar.Offense |
| Output Entities |
maltego.Phrase |
| Short Description |
Returns the log source for the offense |
To Events (with Offenses) as Source IP [IBM QRadar]
Description
Returns the events linked to the ip address which contain an QRadar offense
| QRadar Endpoint |
string |
|
True |
False |
true |
| Search Date Range |
daterange |
|
false |
true |
false |
| Token |
string |
|
True |
False |
true |
| Display Name |
To Events (with Offenses) as Source IP [IBM QRadar] |
| Owner |
|
| Author |
Maltego |
| Data Source |
IBM QRadar |
| Transform Name |
qradar.ipv4AddressSourceToOffenseEvents |
| Input Entities |
maltego.IPv4Address |
| Output Entities |
maltego.ibm.qradar.Offense |
| Short Description |
Returns the events linked to the ip address which contain an QRadar offense |
To Source Addresses [IBM QRadar]
Description
Returns the source IP addresses in an offense
| QRadar Endpoint |
string |
|
True |
False |
true |
| Token |
string |
|
True |
False |
true |
| Display Name |
To Source Addresses [IBM QRadar] |
| Owner |
|
| Author |
Maltego |
| Data Source |
IBM QRadar |
| Transform Name |
qradar.offenseToSourceAddresses |
| Input Entities |
maltego.ibm.qradar.Offense |
| Output Entities |
maltego.Ipv4Address, maltego.Ipv6Address |
| Short Description |
Returns the source IP addresses in an offense |
To Closing User [IBM QRadar]
Description
Returns the user who closed the offense
| Display Name |
To Closing User [IBM QRadar] |
| Owner |
|
| Author |
Maltego |
| Data Source |
IBM QRadar |
| Transform Name |
qradar.offenseToClosingUser |
| Input Entities |
maltego.ibm.qradar.Offense |
| Output Entities |
maltego.Phrase |
| Short Description |
Returns the user who closed the offense |
To Username [IBM QRadar]
Description
Returns the event username
| Display Name |
To Username [IBM QRadar] |
| Owner |
|
| Author |
Maltego |
| Data Source |
IBM QRadar |
| Transform Name |
qradar.eventToUsername |
| Input Entities |
maltego.ibm.qradar.Event |
| Output Entities |
maltego.IPv4Address |
| Short Description |
Returns the event username |
To Start Date [IBM QRadar]
Description
Returns the offense start date
| Display Name |
To Start Date [IBM QRadar] |
| Owner |
|
| Author |
Maltego |
| Data Source |
IBM QRadar |
| Transform Name |
qradar.offenseToStartDate |
| Input Entities |
maltego.ibm.qradar.Offense |
| Output Entities |
maltego.DateTime |
| Short Description |
Returns the offense start date |
To IP Address [IBM QRadar]
Description
Returns the IP addresses associated with an asset
| Display Name |
To IP Address [IBM QRadar] |
| Owner |
|
| Author |
Maltego |
| Data Source |
IBM QRadar |
| Transform Name |
qradar.assetToIpAddress |
| Input Entities |
maltego.ibm.qradar.Asset |
| Output Entities |
maltego.IPv4Address, maltego.IPv6Address |
| Short Description |
Returns the IP addresses associated with an asset |
To Interesting Fields [IBM QRadar]
Description
Returns the interesting fields within the event
| Display Name |
To Interesting Fields [IBM QRadar] |
| Owner |
|
| Author |
Maltego |
| Data Source |
IBM QRadar |
| Transform Name |
qradar.eventToInterestingFields |
| Input Entities |
maltego.ibm.qradar.Event |
| Output Entities |
maltego.IPv4Address, maltego.IPv6Address, maltego.DateTime, maltego.Alias |
| Short Description |
Returns the interesting fields within the event |
To Destination Port [IBM QRadar]
Description
Returns the event source port
| Display Name |
To Destination Port [IBM QRadar] |
| Owner |
|
| Author |
Maltego |
| Data Source |
IBM QRadar |
| Transform Name |
qradar.eventToDestinationPort |
| Input Entities |
maltego.ibm.qradar.Event |
| Output Entities |
maltego.Port |
| Short Description |
Returns the event source port |
To Offenses [IBM QRadar]
Description
Returns the offenses on the QRadar instance
| QRadar Endpoint |
string |
|
True |
False |
true |
| Token |
string |
|
True |
False |
true |
| Display Name |
To Offenses [IBM QRadar] |
| Owner |
|
| Author |
Maltego |
| Data Source |
IBM QRadar |
| Transform Name |
qradar.instanceToOffenses |
| Input Entities |
maltego.ibm.qradar.Instance |
| Output Entities |
maltego.ibm.qradar.Offense |
| Short Description |
Returns the offenses on the QRadar instance |
To Events (with Offenses) as Destination IP [IBM QRadar]
Description
Returns the events linked to the ip address which contain an QRadar offense
| QRadar Endpoint |
string |
|
True |
False |
true |
| Search Date Range |
daterange |
|
false |
true |
false |
| Token |
string |
|
True |
False |
true |
| Display Name |
To Events (with Offenses) as Destination IP [IBM QRadar] |
| Owner |
|
| Author |
Maltego |
| Data Source |
IBM QRadar |
| Transform Name |
qradar.ipv4AddressDestinationToOffenseEvents |
| Input Entities |
maltego.IPv4Address |
| Output Entities |
maltego.ibm.qradar.Offense |
| Short Description |
Returns the events linked to the ip address which contain an QRadar offense |
To Events [IBM QRadar]
Description
Returns the events linked to the QRadar offense
| QRadar Endpoint |
string |
|
True |
False |
true |
| Search Date Range |
daterange |
|
false |
true |
false |
| Token |
string |
|
True |
False |
true |
| Display Name |
To Events [IBM QRadar] |
| Owner |
|
| Author |
Maltego |
| Data Source |
IBM QRadar |
| Transform Name |
qradar.offenseToEvents |
| Input Entities |
maltego.ibm.qradar.Offense |
| Output Entities |
maltego.ibm.qradar.Event |
| Short Description |
Returns the events linked to the QRadar offense |
To Assigned User [IBM QRadar]
Description
Returns the user assigned an offense
| Display Name |
To Assigned User [IBM QRadar] |
| Owner |
|
| Author |
Maltego |
| Data Source |
IBM QRadar |
| Transform Name |
qradar.offenseToAssignedTo |
| Input Entities |
maltego.ibm.qradar.Offense |
| Output Entities |
maltego.Phrase |
| Short Description |
Returns the user assigned an offense |