SIEM Integration

What is SIEM?

Security Information and Event Management (SIEM) enables administrators to efficiently manage increasing security threats and comply with regulatory standards. SIEM assists in detecting, visualizing, scrutinizing, and responding to the various threats that risk your organization's data security.

Zoho eProtect enables seamless integration of its audit and threat activity logs with your SIEM solution for real-time security monitoring and action. 

QRadar Integration

IBM QRadar is a network security management solution that collects, correlates, and analyzes real-time audit log data to identify and address security threats. It helps organizations manage their network security by providing real-time monitoring, alerting for offenses, and responding to potential threats.

Prerequisites

  • Ensure that IBM QRadar is installed and operational.
  • Zoho eProtect sends event logs to QRadar only through the HTTP Receiver protocol, which requires a valid SSL/TLS certificate issued by a Certificate Authority (CA); self-signed certificates will not be accepted. For more information, refer to the IBM QRadar documentation for the HTTP Receiver protocol.
  • Ensure that your QRadar instance has an open inbound port, appropriate public IP address mapping, and a domain mapped to it with SSL/TLS properly configured to facilitate seamless data ingestion.

Steps to Integrate QRadar with Zoho eProtect

A. Configure HTTP Receiver in QRadar
  1. Log in to your organization's QRadar account.
  2. Navigate to the Log Source Management App to create a new HTTP Receiver log source.
  3. Create a new HTTP Receiver protocol log source in the New log source section.
  4. Deploy the newly created log source configuration.
B. Configure QRadar in Zoho eProtect
  1. Log in to Zoho eProtect.
  2. From the left pane, navigate to Logs and select SIEM Integration.
  3. Choose QRadar and click Configure.
  4. In the Selected Categories field, select the audit log categories you wish to monitor.
  5. In the URL field, enter the HTTPS Receiver Protocol Configuration URL from your QRadar account.
  6. Click the Add button.
  7. Enter the One-Time Password (OTP) sent to your QRadar account to confirm the addition.
C. Modify Audit Event Categories (Optional)
  1. To modify the audit event categories, add or remove events in the Selected Categories field.
  2. Click Update.
  3. Enter the OTP sent to your QRadar account to save the modifications.
D. Remove QRadar Configuration (If Needed)

To remove the QRadar configuration, click on Remove Configuration within the QRadar integration settings in Zoho eProtect.

By following these steps, you can successfully integrate Zoho eProtect with IBM QRadar, enabling centralized monitoring and management of your organization's security events.
