Plugins 〉IBM Security QRadar Suite
IBM Security QRadar Suite
KQL query visualization in Grafana dashboards
Use the IBM Security QRadar® Suite KQL Plugin to run Kusto Query Language (KQL) queries against your IBM Security QRadar Suite KQL instance.
A Grafana dashboard panel displays your query results.
The Grafana plugin distribution also includes sample dashboard JSON.
For more information about the plugin, see IBM Security QRadar Suite KQL Plugin User Documentation.
For more information about KQL queries, see Kusto Query Language (KQL) overview.
Configuring an IBM Security QRadar Suite data source in Grafana
Configure an external data source for IBM Security QRadar Suite in your Grafana instance to communicate with IBM Security QRadar Suite.
Before you begin
Verify that the IBM Security QRadar Suite KQL Plugin is installed.
- In your Grafana instance, from the navigation menu, click Administration > Plugins.
- In the Search field, enter IBM Security QRadar Suite. The status of your IBM Security QRadar Suite KQL Plugin is displayed.
- For more information about the IBM Security QRadar Suite KQL Plugin, click the IBM Security QRadar Suite tile.
- To configure an IBM Security QRadar Suite data source in Grafana, you must complete the following tasks:
- Obtain your IBM Security QRadar Suite KQL cluster URL from your IBM Security QRadar Suite instance.
- Collaborate with an IBM Security QRadar Suite administrator to obtain an IBM Security QRadar Suite Grafana user API Key and user API Secret.
- Collaborate with an IBM Security QRadar Suite administrator to obtain an IBM Security QRadar Suite account ID.
Procedure
- In your Grafana instance, from the navigation menu, click Administration > Data Sources.
- On the Data sources page, click Add new data source.
- In the Filter by name or type field, enter IBM Security QRadar Suite, and then select the IBM Security QRadar Suite tile.
- In the Host field, enter your IBM Security QRadar Suite KQL cluster URL.
- In the API Key field, enter your IBM Security QRadar Suite Grafana user API Key.
- In the API Secret field, enter your IBM Security QRadar Suite Grafana user API Secret.
- In the Account ID field, enter your IBM Security QRadar Suite account ID.
- Click Save & test. If your configuration is successful, a Data source is working message is displayed.
Importing sample dashboards
JSON files of pre-constructed dashboards are available on the IBM Security QRadar Suite KQL data source configuration page.
Use the sample dashboards as a reference for creating your own dashboards.
About this task
If you change a sample dashboard, you are prompted to save or overwrite your changes.
If you want to save your changes to a new dashboard, click Save as. Otherwise, your changes are lost.
Important
If you save a copy of a sample dashboard, the unique identifier (UID) value in the dashboard's data link URL changes.
You must update both the UID value and name in the data link URL of any dashboards that reference the dashboard that you saved.
For more information, see Configure data links.
Procedure
- In your Grafana instance, from the navigation menu, click Administration > Data Sources.
- On the Data sources page, select the IBM Security QRadar Suite data source from the table.
- On the IBM Security QRadar Suite page, click the Dashboards tab.
- Find the row of the sample dashboard that you would like to import and click Import.
- From the navigation menu, click the Dashboards icon.
- On the Dashboards page, click the sample dashboard that you imported. The sample dashboard is displayed.
Grafana Cloud Free
- Free tier: Limited to 3 users
- Paid plans: $55 / user / month above included usage
- Access to all Enterprise Plugins
- Fully managed service (not available to self-manage)
Self-hosted Grafana Enterprise
- Access to all Enterprise plugins
- All Grafana Enterprise features
- Self-manage on your own infrastructure
Grafana Cloud Free
- Free tier: Limited to 3 users
- Paid plans: $55 / user / month above included usage
- Access to all Enterprise Plugins
- Fully managed service (not available to self-manage)
Self-hosted Grafana Enterprise
- Access to all Enterprise plugins
- All Grafana Enterprise features
- Self-manage on your own infrastructure
Grafana Cloud Free
- Free tier: Limited to 3 users
- Paid plans: $55 / user / month above included usage
- Access to all Enterprise Plugins
- Fully managed service (not available to self-manage)
Self-hosted Grafana Enterprise
- Access to all Enterprise plugins
- All Grafana Enterprise features
- Self-manage on your own infrastructure
Grafana Cloud Free
- Free tier: Limited to 3 users
- Paid plans: $55 / user / month above included usage
- Access to all Enterprise Plugins
- Fully managed service (not available to self-manage)
Self-hosted Grafana Enterprise
- Access to all Enterprise plugins
- All Grafana Enterprise features
- Self-manage on your own infrastructure
Grafana Cloud Free
- Free tier: Limited to 3 users
- Paid plans: $55 / user / month above included usage
- Access to all Enterprise Plugins
- Fully managed service (not available to self-manage)
Self-hosted Grafana Enterprise
- Access to all Enterprise plugins
- All Grafana Enterprise features
- Self-manage on your own infrastructure
Installing IBM Security QRadar Suite on Grafana Cloud:
Installing plugins on a Grafana Cloud instance is a one-click install; same with updates. Cool, right?
Note that it could take up to 1 minute to see the plugin show up in your Grafana.
Installing plugins on a Grafana Cloud instance is a one-click install; same with updates. Cool, right?
Note that it could take up to 1 minute to see the plugin show up in your Grafana.
Installing plugins on a Grafana Cloud instance is a one-click install; same with updates. Cool, right?
Note that it could take up to 1 minute to see the plugin show up in your Grafana.
Installing plugins on a Grafana Cloud instance is a one-click install; same with updates. Cool, right?
Note that it could take up to 1 minute to see the plugin show up in your Grafana.
Installing plugins on a Grafana Cloud instance is a one-click install; same with updates. Cool, right?
Note that it could take up to 1 minute to see the plugin show up in your Grafana.
Installing plugins on a Grafana Cloud instance is a one-click install; same with updates. Cool, right?
Note that it could take up to 1 minute to see the plugin show up in your Grafana.
Installing plugins on a Grafana Cloud instance is a one-click install; same with updates. Cool, right?
Note that it could take up to 1 minute to see the plugin show up in your Grafana.
For more information, visit the docs on plugin installation.
Installing on a local Grafana:
For local instances, plugins are installed and updated via a simple CLI command. Plugins are not updated automatically, however you will be notified when updates are available right within your Grafana.
1. Install the Data Source
Use the grafana-cli tool to install IBM Security QRadar Suite from the commandline:
grafana-cli plugins install The plugin will be installed into your grafana plugins directory; the default is /var/lib/grafana/plugins. More information on the cli tool.
Alternatively, you can manually download the .zip file for your architecture below and unpack it into your grafana plugins directory.
Alternatively, you can manually download the .zip file and unpack it into your grafana plugins directory.
2. Configure the Data Source
Accessed from the Grafana main menu, newly installed data sources can be added immediately within the Data Sources section.
Next, click the Add data source button in the upper right. The data source will be available for selection in the Type select box.
To see a list of installed data sources, click the Plugins item in the main menu. Both core data sources and installed data sources will appear.
Changelog
1.0 GA
Updates:
- config editor tooltips.
- query builder updates:
- recognise Grafana time picker macros.
- displays available schema.
- query editor Run Query button spinner while query running.
- variable query editor consistent with dashboard query editor.
- updated sample dashboard content.
- improved error handling and logging.
- bug fixes and security updates.
0.2 (unreleased)
Updates:
- support for dashboard template variables.
- addition of a dashboard panel KQL query builder with suggestions.
- improved plugin error handling messages.
- addition of more OOTB sample dashboards.
0.1 (unreleased)
Initial release.
- supports KQL queries against Storage Data Access Service API.
- KQL syntax checker & suggestions.
- supports Grafana date / time picker macros.
- configuration editor UI updates
- query editor UI updates
- includes a sample dashboard JSON file
