
IBM QRadar

Modified on: Wed, 28 Aug, 2024 at 4:08 PM

Overview

IBM QRadar is an enterprise security information and event management (SIEM) product.


QRadar collects log data from across an enterprise: its network devices, host assets and operating systems, applications, vulnerability data, and user activity and behaviour. It analyses that log data together with network flows in real time to identify malicious activity so that it can be stopped quickly, minimising or altogether preventing damage to the organization.


QRadar uses rules to monitor security events and network flows for threats. When events and flows meet the test criteria defined in a rule, QRadar creates an offense to record that a security attack or policy breach is suspected.


The IBM QRadar integration for Maltego provides context for events and offenses, improving investigations by mapping the relationships between them.


The IBM QRadar Enterprise integration for Maltego enables security teams to extract and map host assets, IP addresses, hashes, operating systems, vulnerabilities and other IOCs from event logs and offenses.


Using these Transforms, investigators and analysts can query the offenses on a given QRadar instance, find the events related to those offenses, bring the resulting IOCs into Maltego, and pivot on them with Maltego's other data sources to augment and enrich their investigations.


Every Transform that contacts QRadar takes two authentication settings, the QRadar Endpoint of the instance and an API Token; the event searches additionally take a Search Date Range that bounds the query to a time window.


You can read more about the IBM QRadar Transforms on the Maltego website.
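As an added example of the chain this paragraph describes (offense, then its events, then IOC entities), here is a small Python script that walks one offense on constructed data. It is not Maltego's or IBM's code. It assumes the offense fields follow the shape of QRadar's /api/siem/offenses response, that the address lookups follow /api/siem/source_addresses and /api/siem/local_destination_addresses, and that event rows use Ariel column names (sourceip, destinationip, sourceport, destinationport, username, starttime); mapping a username to maltego.Alias is this example's assumption, as is the choice to drop malformed fields rather than emit them.

```python
"""Added example, not Maltego's or IBM's code: walk one offense the way the
Transforms do (offense -> events -> IOC entities) on constructed data.
Assumptions: offense fields mirror QRadar's /api/siem/offenses response,
the address lookups mirror /api/siem/source_addresses and
/api/siem/local_destination_addresses, and event rows use Ariel column names.
"""
import ipaddress
from datetime import datetime, timezone

# Constructed offense record; timestamps are epoch milliseconds as QRadar reports them.
OFFENSE = {
    "id": 1042,
    "description": "Multiple Login Failures followed by Success",
    "status": "CLOSED",
    "start_time": 1724829600000,
    "close_time": 1724833200000,
    "closing_user": "soc.analyst",
    "assigned_to": "soc.lead",
    "categories": ["User Login Failure", "User Login Success"],
    "log_sources": [{"id": 7, "name": "WindowsAuthServer @ dc01"}],
    "source_address_ids": [11, 12],
    "local_destination_address_ids": [31],
}
# Constructed address-id lookups (QRadar stores offense addresses by id).
SOURCE_ADDRESSES = {11: "203.0.113.45", 12: "2001:db8::1"}
LOCAL_DEST_ADDRESSES = {31: "10.0.0.5"}
# Constructed Ariel event rows linked to the offense; the last one is malformed.
EVENTS = [
    {"sourceip": "203.0.113.45", "destinationip": "10.0.0.5", "sourceport": 51522,
     "destinationport": 445, "username": "j.doe", "starttime": 1724829601000},
    {"sourceip": "2001:db8::1", "destinationip": "10.0.0.5", "sourceport": 40010,
     "destinationport": 3389, "username": "administrator", "starttime": 1724829700000},
    {"sourceip": "not-an-ip", "destinationip": "10.0.0.5", "sourceport": 1,
     "destinationport": 22, "username": "", "starttime": 1724829800000},
]


def ip_entity(value):
    """Return (Maltego entity type, canonical address) for a valid IP literal,
    else None. The IP version decides IPv4Address vs IPv6Address, as the
    Transforms' output entities do."""
    try:
        addr = ipaddress.ip_address(str(value).strip())
    except ValueError:
        return None
    kind = "maltego.IPv4Address" if addr.version == 4 else "maltego.IPv6Address"
    return (kind, str(addr))


def ms_to_iso(ms):
    """Convert a QRadar epoch-millisecond timestamp to an ISO 8601 UTC string."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat()


def offense_entities(offense, src_lookup, dst_lookup):
    """Offense-level Transforms: To Source Addresses, To Local Destination
    Addresses, To Category, To Log Source, To Start Date, To Close Date,
    To Closing User, To Assigned User."""
    out = []
    for aid in offense["source_address_ids"]:
        if (ent := ip_entity(src_lookup[aid])):
            out.append(ent)
    for aid in offense["local_destination_address_ids"]:
        if (ent := ip_entity(dst_lookup[aid])):
            out.append(ent)
    out += [("maltego.ibm.qradar.Tag", c) for c in offense["categories"]]
    out += [("maltego.Phrase", ls["name"]) for ls in offense["log_sources"]]
    out.append(("maltego.DateTime", ms_to_iso(offense["start_time"])))
    if offense.get("close_time"):  # only a closed offense carries these
        out.append(("maltego.DateTime", ms_to_iso(offense["close_time"])))
        out.append(("maltego.Phrase", offense["closing_user"]))
    if offense.get("assigned_to"):
        out.append(("maltego.Phrase", offense["assigned_to"]))
    return out


def event_entities(event):
    """Event-level Transforms: To Source/Destination IP Address, To Source/
    Destination Port, To Username. A field that is not a valid IP or port is
    dropped rather than emitted, so a malformed log line cannot pollute the
    graph. Username -> maltego.Alias is an assumption of this example."""
    out = []
    for field in ("sourceip", "destinationip"):
        if (ent := ip_entity(event.get(field, ""))):
            out.append(ent)
    for field in ("sourceport", "destinationport"):
        port = int(event.get(field, 0))
        if 0 < port < 65536:
            out.append(("maltego.Port", str(port)))
    if event.get("username"):
        out.append(("maltego.Alias", event["username"]))
    return out


def iocs_for_offense(offense, events, src_lookup, dst_lookup):
    """The chain in the Overview: offense -> its events -> de-duplicated IOCs."""
    found = set(offense_entities(offense, src_lookup, dst_lookup))
    for ev in events:
        found.update(event_entities(ev))
    return sorted(found)


if __name__ == "__main__":
    for kind, value in iocs_for_offense(OFFENSE, EVENTS, SOURCE_ADDRESSES, LOCAL_DEST_ADDRESSES):
        print(f"{kind:26} {value}")
```

Running it lists 18 distinct entities for the constructed offense; the malformed source IP in the third event is silently dropped, which is the behaviour you want from anything that turns untrusted log fields into graph nodes.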


IBM QRadar Transforms

To Assets [IBM QRadar]

Description

Returns the assets on the QRadar instance


Transform Settings

Display Name      | Setting Type | Default Value | Optional | Popup | Authentication
QRadar Endpoint   | string       |               | true     | false | true
Token             | string       |               | true     | false | true

Transform Meta Info

Information       | Value
Display Name      | To Assets [IBM QRadar]
Owner             |
Author            | Maltego
Data Source       | IBM QRadar
Transform Name    | qradar.instanceToAssets
Input Entities    | maltego.ibm.qradar.Instance
Output Entities   | maltego.ibm.qradar.Asset
Short Description | Returns the assets on the QRadar instance

To Source IP Address [IBM QRadar]

Description

Returns the event source IP address


Transform Meta Info

Information       | Value
Display Name      | To Source IP Address [IBM QRadar]
Owner             |
Author            | Maltego
Data Source       | IBM QRadar
Transform Name    | qradar.eventToSourceIpAddress
Input Entities    | maltego.ibm.qradar.Event
Output Entities   | maltego.IPv4Address, maltego.IPv6Address
Short Description | Returns the event source IP address

To Close Date [IBM QRadar]

Description

Returns the offense close date


Transform Meta Info

Information       | Value
Display Name      | To Close Date [IBM QRadar]
Owner             |
Author            | Maltego
Data Source       | IBM QRadar
Transform Name    | qradar.offenseToCloseDate
Input Entities    | maltego.ibm.qradar.Offense
Output Entities   | maltego.DateTime
Short Description | Returns the offense close date

To Events as Destination IP [IBM QRadar]

Transform Settings

Display Name      | Setting Type | Default Value | Optional | Popup | Authentication
QRadar Endpoint   | string       |               | true     | false | true
Search Date Range | daterange    |               | false    | true  | false
Token             | string       |               | true     | false | true

Transform Meta Info

Information       | Value
Display Name      | To Events as Destination IP [IBM QRadar]
Owner             |
Author            | Maltego
Data Source       | IBM QRadar
Output Entities   | maltego.ibm.qradar.Event

Variants

Transform Name                       | Input Entities      | Short Description
qradar.destinationIpv6AddressToEvent | maltego.IPv6Address | Returns the events with the given IPv6 address
qradar.destinationIpv4AddressToEvent | maltego.IPv4Address | Returns the events with the given IPv4 address

To Events as Source IP [IBM QRadar]

Transform Settings

Display Name      | Setting Type | Default Value | Optional | Popup | Authentication
QRadar Endpoint   | string       |               | true     | false | true
Search Date Range | daterange    |               | false    | true  | false
Token             | string       |               | true     | false | true

Transform Meta Info

Information       | Value
Display Name      | To Events as Source IP [IBM QRadar]
Owner             |
Author            | Maltego
Data Source       | IBM QRadar
Output Entities   | maltego.ibm.qradar.Event

Variants

Transform Name                  | Input Entities      | Short Description
qradar.sourceIpv4AddressToEvent | maltego.IPv4Address | Returns the events with the given IPv4 address
qradar.sourceIpv6AddressToEvent | maltego.IPv6Address | Returns the events with the given IPv6 address
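The two event-search Transforms above (as Source IP and as Destination IP) each take an IP address and a Search Date Range. The Transforms' own query text is not on this page, so as an added example, not Maltego's code, here is the equivalent an analyst would run directly against QRadar: a bounded Ariel (AQL) search for one IP in one direction, plus the request shape the settings map to. It assumes the search is posted to /api/ariel/searches with the AQL in the query_expression parameter and the token in the SEC header, which is how the QRadar REST API is documented; the endpoint, token and date range values are constructed for the example.

```python
"""Added example, not Maltego's code: the bounded Ariel (AQL) search an
analyst would run against QRadar to reproduce "To Events as Source IP" /
"To Events as Destination IP" for one IP, with the request shape it maps to.
Assumptions: the request targets /api/ariel/searches with the AQL in
query_expression and the token in the SEC header (QRadar REST API); the
Transforms' own query is not on the page, so this is an equivalent, not a copy.
"""
import ipaddress
from datetime import datetime, timezone
from urllib.parse import urlencode

# Variant ids from the two Transform tables, keyed by direction and IP version.
VARIANTS = {
    ("source", 4): "qradar.sourceIpv4AddressToEvent",
    ("source", 6): "qradar.sourceIpv6AddressToEvent",
    ("destination", 4): "qradar.destinationIpv4AddressToEvent",
    ("destination", 6): "qradar.destinationIpv6AddressToEvent",
}
COLUMNS = {"source": "sourceip", "destination": "destinationip"}
# Constructed Search Date Range used by the usage code at the bottom.
EXAMPLE_START = datetime(2024, 8, 28, tzinfo=timezone.utc)
EXAMPLE_END = datetime(2024, 8, 29, tzinfo=timezone.utc)


def to_epoch_ms(dt):
    """AQL START/STOP take epoch milliseconds; refuse naive datetimes so the
    Search Date Range is not silently shifted by the analyst's local zone."""
    if dt.tzinfo is None:
        raise ValueError("date range bounds must be timezone-aware")
    return int(dt.timestamp() * 1000)


def events_by_ip_aql(ip, direction, start, end, limit=1000):
    """Build the AQL for one IP in one direction. The IP is parsed and
    re-serialised by ipaddress, so only a canonical literal is interpolated;
    an input like "10.0.0.5' OR 1=1 --" raises ValueError instead."""
    addr = ipaddress.ip_address(ip.strip())
    column = COLUMNS[direction]
    start_ms, end_ms = to_epoch_ms(start), to_epoch_ms(end)
    if end_ms <= start_ms:
        raise ValueError("end of date range must be after its start")
    if not 0 < limit <= 10000:
        raise ValueError("limit must be between 1 and 10000")
    return (
        "SELECT starttime, sourceip, sourceport, destinationip, destinationport, "
        "username, QIDNAME(qid) AS event_name, LOGSOURCENAME(logsourceid) AS log_source "
        f"FROM events WHERE {column} = '{addr}' "
        f"ORDER BY starttime DESC LIMIT {limit} START {start_ms} STOP {end_ms}"
    )


def variant_for(ip, direction):
    """Which Transform variant Maltego would dispatch to for this input."""
    return VARIANTS[(direction, ipaddress.ip_address(ip.strip()).version)]


def ariel_search_request(endpoint, token, aql):
    """The POST the settings map to: QRadar Endpoint -> base URL, Token -> SEC
    header. Returned as a dict instead of sent, so the example runs offline.
    HTTPS is enforced because the token is a bearer credential."""
    if not endpoint.lower().startswith("https://"):
        raise ValueError("QRadar Endpoint must be an https:// URL")
    return {
        "method": "POST",
        "url": endpoint.rstrip("/") + "/api/ariel/searches?" + urlencode({"query_expression": aql}),
        "headers": {"SEC": token, "Accept": "application/json"},
    }


if __name__ == "__main__":
    aql = events_by_ip_aql("203.0.113.45", "source", EXAMPLE_START, EXAMPLE_END)
    print(variant_for("203.0.113.45", "source"))
    print(aql)
    # "qradar.example.com" and "<token>" are placeholders, not real values.
    print(ariel_search_request("https://qradar.example.com", "<token>", aql)["url"])
```

The two checks worth copying are the ones that protect the query: the IP goes through ipaddress before it touches the AQL string, and the date range is rejected unless both bounds are timezone-aware and in the right order, since a naive datetime quietly widens or shifts the window you think you searched.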

To Local Destination Addresses [IBM QRadar]

Description

Returns the destination IP addresses in an offense


Transform Settings

Display Name      | Setting Type | Default Value | Optional | Popup | Authentication
QRadar Endpoint   | string       |               | true     | false | true
Token             | string       |               | true     | false | true

Transform Meta Info

Information       | Value
Display Name      | To Local Destination Addresses [IBM QRadar]
Owner             |
Author            | Maltego
Data Source       | IBM QRadar
Transform Name    | qradar.offenseToLocalDestinationAddresses
Input Entities    | maltego.ibm.qradar.Offense
Output Entities   | maltego.IPv4Address, maltego.IPv6Address
Short Description | Returns the local destination IP addresses in an offense

To Source Port [IBM QRadar]

Description

Returns the event source port


Transform Meta Info

Information       | Value
Display Name      | To Source Port [IBM QRadar]
Owner             |
Author            | Maltego
Data Source       | IBM QRadar
Transform Name    | qradar.eventToSourcePort
Input Entities    | maltego.ibm.qradar.Event
Output Entities   | maltego.Port
Short Description | Returns the event source port

To Destination IP Address [IBM QRadar]

Description

Returns the event destination IP address


Transform Meta Info

Information       | Value
Display Name      | To Destination IP Address [IBM QRadar]
Owner             |
Author            | Maltego
Data Source       | IBM QRadar
Transform Name    | qradar.eventToDestinationIpAddress
Input Entities    | maltego.ibm.qradar.Event
Output Entities   | maltego.IPv4Address, maltego.IPv6Address
Short Description | Returns the event destination IP address

To Category [IBM QRadar]

Description

Returns the offense category


Transform Meta Info

Information       | Value
Display Name      | To Category [IBM QRadar]
Owner             |
Author            | Maltego
Data Source       | IBM QRadar
Transform Name    | qradar.offenseToCategory
Input Entities    | maltego.ibm.qradar.Offense
Output Entities   | maltego.ibm.qradar.Tag
Short Description | Returns the offense category

To Log Source [IBM QRadar]

Description

Returns the log source for the offense


Transform Meta Info

Information       | Value
Display Name      | To Log Source [IBM QRadar]
Owner             |
Author            | Maltego
Data Source       | IBM QRadar
Transform Name    | qradar.offenseToLogSource
Input Entities    | maltego.ibm.qradar.Offense
Output Entities   | maltego.Phrase
Short Description | Returns the log source for the offense

To Events (with Offenses) as Source IP [IBM QRadar]

Description

Returns the events, linked to the given IP address as source, that are part of a QRadar offense


Transform Settings

Display Name      | Setting Type | Default Value | Optional | Popup | Authentication
QRadar Endpoint   | string       |               | true     | false | true
Search Date Range | daterange    |               | false    | true  | false
Token             | string       |               | true     | false | true

Transform Meta Info

Information       | Value
Display Name      | To Events (with Offenses) as Source IP [IBM QRadar]
Owner             |
Author            | Maltego
Data Source       | IBM QRadar
Transform Name    | qradar.ipv4AddressSourceToOffenseEvents
Input Entities    | maltego.IPv4Address
Output Entities   | maltego.ibm.qradar.Offense
Short Description | Returns the events, linked to the given IP address as source, that are part of a QRadar offense

To Source Addresses [IBM QRadar]

Description

Returns the source IP addresses in an offense


Transform Settings

Display Name      | Setting Type | Default Value | Optional | Popup | Authentication
QRadar Endpoint   | string       |               | true     | false | true
Token             | string       |               | true     | false | true

Transform Meta Info

Information       | Value
Display Name      | To Source Addresses [IBM QRadar]
Owner             |
Author            | Maltego
Data Source       | IBM QRadar
Transform Name    | qradar.offenseToSourceAddresses
Input Entities    | maltego.ibm.qradar.Offense
Output Entities   | maltego.IPv4Address, maltego.IPv6Address
Short Description | Returns the source IP addresses in an offense

To Closing User [IBM QRadar]

Description

Returns the user who closed the offense


Transform Meta Info

Information       | Value
Display Name      | To Closing User [IBM QRadar]
Owner             |
Author            | Maltego
Data Source       | IBM QRadar
Transform Name    | qradar.offenseToClosingUser
Input Entities    | maltego.ibm.qradar.Offense
Output Entities   | maltego.Phrase
Short Description | Returns the user who closed the offense

To Username [IBM QRadar]

Description

Returns the event username


Transform Meta Info

Information       | Value
Display Name      | To Username [IBM QRadar]
Owner             |
Author            | Maltego
Data Source       | IBM QRadar
Transform Name    | qradar.eventToUsername
Input Entities    | maltego.ibm.qradar.Event
Output Entities   | maltego.IPv4Address
Short Description | Returns the event username

To Start Date [IBM QRadar]

Description

Returns the offense start date


Transform Meta Info

Information       | Value
Display Name      | To Start Date [IBM QRadar]
Owner             |
Author            | Maltego
Data Source       | IBM QRadar
Transform Name    | qradar.offenseToStartDate
Input Entities    | maltego.ibm.qradar.Offense
Output Entities   | maltego.DateTime
Short Description | Returns the offense start date

To IP Address [IBM QRadar]

Description

Returns the IP addresses associated with an asset


Transform Meta Info

Information       | Value
Display Name      | To IP Address [IBM QRadar]
Owner             |
Author            | Maltego
Data Source       | IBM QRadar
Transform Name    | qradar.assetToIpAddress
Input Entities    | maltego.ibm.qradar.Asset
Output Entities   | maltego.IPv4Address, maltego.IPv6Address
Short Description | Returns the IP addresses associated with an asset

To Interesting Fields [IBM QRadar]

Description

Returns the interesting fields within the event


Transform Meta Info

Information       | Value
Display Name      | To Interesting Fields [IBM QRadar]
Owner             |
Author            | Maltego
Data Source       | IBM QRadar
Transform Name    | qradar.eventToInterestingFields
Input Entities    | maltego.ibm.qradar.Event
Output Entities   | maltego.IPv4Address, maltego.IPv6Address, maltego.DateTime, maltego.Alias
Short Description | Returns the interesting fields within the event

To Destination Port [IBM QRadar]

Description

Returns the event destination port


Transform Meta Info

Information       | Value
Display Name      | To Destination Port [IBM QRadar]
Owner             |
Author            | Maltego
Data Source       | IBM QRadar
Transform Name    | qradar.eventToDestinationPort
Input Entities    | maltego.ibm.qradar.Event
Output Entities   | maltego.Port
Short Description | Returns the event destination port

To Offenses [IBM QRadar]

Description

Returns the offenses on the QRadar instance


Transform Settings

Display Name      | Setting Type | Default Value | Optional | Popup | Authentication
QRadar Endpoint   | string       |               | true     | false | true
Token             | string       |               | true     | false | true

Transform Meta Info

Information       | Value
Display Name      | To Offenses [IBM QRadar]
Owner             |
Author            | Maltego
Data Source       | IBM QRadar
Transform Name    | qradar.instanceToOffenses
Input Entities    | maltego.ibm.qradar.Instance
Output Entities   | maltego.ibm.qradar.Offense
Short Description | Returns the offenses on the QRadar instance

To Events (with Offenses) as Destination IP [IBM QRadar]

Description

Returns the events, linked to the given IP address as destination, that are part of a QRadar offense


Transform Settings

Display Name      | Setting Type | Default Value | Optional | Popup | Authentication
QRadar Endpoint   | string       |               | true     | false | true
Search Date Range | daterange    |               | false    | true  | false
Token             | string       |               | true     | false | true

Transform Meta Info

Information       | Value
Display Name      | To Events (with Offenses) as Destination IP [IBM QRadar]
Owner             |
Author            | Maltego
Data Source       | IBM QRadar
Transform Name    | qradar.ipv4AddressDestinationToOffenseEvents
Input Entities    | maltego.IPv4Address
Output Entities   | maltego.ibm.qradar.Offense
Short Description | Returns the events, linked to the given IP address as destination, that are part of a QRadar offense

To Events [IBM QRadar]

Description

Returns the events linked to the QRadar offense


Transform Settings

Display Name      | Setting Type | Default Value | Optional | Popup | Authentication
QRadar Endpoint   | string       |               | true     | false | true
Search Date Range | daterange    |               | false    | true  | false
Token             | string       |               | true     | false | true

Transform Meta Info

Information       | Value
Display Name      | To Events [IBM QRadar]
Owner             |
Author            | Maltego
Data Source       | IBM QRadar
Transform Name    | qradar.offenseToEvents
Input Entities    | maltego.ibm.qradar.Offense
Output Entities   | maltego.ibm.qradar.Event
Short Description | Returns the events linked to the QRadar offense

To Assigned User [IBM QRadar]

Description

Returns the user to whom the offense is assigned


Transform Meta Info

Information       | Value
Display Name      | To Assigned User [IBM QRadar]
Owner             |
Author            | Maltego
Data Source       | IBM QRadar
Transform Name    | qradar.offenseToAssignedTo
Input Entities    | maltego.ibm.qradar.Offense
Output Entities   | maltego.Phrase
Short Description | Returns the user to whom the offense is assigned
