IBM QRadar App Integration Overview
The SentinelOne App for QRadar enables customers to easily coordinate endpoint triage and response from within QRadar. The app provides rich capabilities for viewing endpoint and threat information at a glance, while enabling one-click response actions within SentinelOne. The combined solution provides SOC teams with the visibility, context and integrated workflow to respond to threats with consistency and reduce mean time to response (MTTR).
How Does it Work?
The integration of SentinelOne and QRadar empowers organizations to combine the threat management strengths of QRadar with the visibility, detection, response, remediation and forensics capabilities of SentinelOne. SentinelOne offers deep integration with IBM Security QRadar SIEM, enabling joint customers to maximize the value of their SIEM, EDR and cloud workload investments.
With the SentinelOne Device Support Module (DSM) for QRadar, clients can take advantage of a prebuilt ingestion pipeline that includes parsing of syslog events, predefined filters, and dashboards.