IBM Security QRadar SIEM and Lexicon File Integrity Monitor Integration released

September 2013

Honeycomb and IBM announce the release of full integration of Honeycomb’s Lexicon File Integrity Monitoring into QRadar 7.x+.

The integration includes an IBM DSM module for  efficiently and automatically parsing incoming lexicon FIM data streams, and is included natively in QRadar v7.2 and above.

Honeycomb’s Lexicon File Integrity Monitor is configured to send it’s FIM event data streams in QRadar’s LEEF format, allowing fast and efficient detection and parsing of real-time and scanner-mode FIM events from LexFileMonitor.

“This integration adds an essential dimension to the Cyber Security view made visible by QRadar’s SIEM technology”, said Chief Technical Officer at Honeycomb Peter Sturge. “By including file system behavioural data into QRadar’s security EPS system, vulnerabilities, authorised and unauthorised file access and change behaviour is immediately detected and correlated with other security data streams, greatly increasing the visibility of external threats that have made their way inside an organization’s IT. Internal resources such as administrators, employees, visitors and contractors are also included in the security data streams, protecting against attacks and threats from within the IT environment.”

Lexicon File Integrity Monitor integration with IBM Security QRadar SIEM is available to all existing QRadar customers running v7.x and above via QRadar’s auto-update.

For more information on Honeycomb’s Lexicon File Integrity Monitor and associated solutions, please visit www.honeycomb.co.uk/solutions/file-integrity-monitoring.

IBM Security QRadar SIEM consolidates log source event data from thousands of devices endpoints and applications distributed throughout a network.

For more information on IBM’s QRadar products and related solutions, please visit the IBM Security QRadar SIEM web site.