The QRadar platform has been designed to capture and process event information from thousands of systems across your network and bring it onto a single pane of glass for real-time monitoring, alerting, and reporting. The system captures not only traditional network-layer traffic but also application-layer content, which gives greater visibility into the traffic on your network. Support for more than 450 enterprise systems has been included out of the box to ensure the events received are reliably processed.
QRadar can present the data it captures in several forms. Out of the box, the system comes with several enterprise dashboards, which both operations and management can use to monitor ongoing activity across the enterprise. Incoming log and flow data can be displayed as real-time streams of activity for on-the-fly searching and reporting. For targeted data and activity, consolidated reports can be generated and automatically delivered to the target team for review. Combined, these options give the user the flexibility to access the information they need in a timely manner.
QRadar SIEM collects information that includes:
- Security events: Events from firewalls, virtual private networks, intrusion detection systems, intrusion prevention systems and more
- Network events: Events from switches, routers, servers, hosts and more
- Network activity context: Layer 7 application context from network and application traffic
- User or asset context: Contextual data from identity and access-management products and vulnerability scanners
- Operating system information: Vendor name and version number specifics for network assets
- Application logs: Enterprise resource planning (ERP), workflow, application databases, management platforms and more