
IBM QRadar

By Maltego Technologies
Extract and map context of IOCs from event logs and offenses.
IBM QRadar integration for Maltego
Categories: Endpoint & Security Events, Incident Response, Threat Hunting

IBM QRadar Transforms for Maltego

QRadar uses rules to monitor information security events and network flows to detect security threats. When events and flows meet the test criteria that are defined in the ruleset, an offense is created to show that a security attack or policy breach is suspected.

The IBM QRadar integration for Maltego provides context for events and offenses, improving investigations by mapping the complex relationships between them. The IBM QRadar Enterprise integration for Maltego enables security teams to extract and map host assets, IP addresses, hashes, operating systems, vulnerabilities and other IOCs from event logs and offenses.

Using the Transforms, investigators and analysts can query offenses from a given QRadar instance, find the related events for those offenses, bring the IOCs into Maltego, and leverage our wide variety of data sources to augment and enrich their investigations.

IBM QRadar Transforms in Maltego

  • Threat Intelligence Teams
  • Threat Hunting Teams
  • Incident Response Teams
  • Security Operation Centers

Integration Benefits

Leverage IBM QRadar Data for

Incident Response
Triage security events through the analysis and investigation of QRadar offenses by exploring and visualizing details, network logs, time information, related user accounts, and more. Pivot directly from QRadar data to threat intelligence feeds to enrich your security analysis and respond properly to potential security incidents.
Threat Hunting
Improve and automate your threat hunting process by pivoting from threat intelligence reports to IOCs and then searching for them in QRadar offenses in minutes instead of hours, with the enrichment provided by our free and paid intelligence vendors.
Threat Assessment
Enrich information associated with the IT inventory in your organization and check for relevant offenses in QRadar to mitigate risk and protect your organization's inventory.

Pricing & Access

Community Hub
Available only with a Maltego Enterprise plan.
Commercial Hub
Users with a Maltego Enterprise plan have the following access option.
Enterprise Access
Please reach out to your contact person at Maltego or support@maltego.com for access inquiries.


About IBM QRadar

IBM QRadar is an enterprise security information and event management (SIEM) product. It collects log data from an enterprise: its network devices, host assets and operating systems, applications, vulnerabilities, and user activities and behaviors. It then performs real-time analysis of the log data and network flows to identify malicious activity so that it can be stopped quickly, preventing or minimizing damage to the organization.

For more information, visit https://www.ibm.com/uk-en/qradar