Integration of SailPoint IIQ with QRadar to monitor audit activities

Hi All,

We are in the process of integrating SailPoint with a SIEM system.

So, we want the SIEM (QRadar) to monitor all the audit event actions like login, login failure, password change, etc.

So, we were looking for SailPoint logs which will log all the audit-related activities.

I have browsed through the forums and noticed the suggestion to use the spt_audit_event table.

Is it a good way to allow QRadar to read the spt_audit_event table? Has anyone implemented this solution at their customer's end?

Please share inputs.

Thanks & Regards,

Milina Phalke

Alternatively, you can use the SIEM Plugin as well.

I don’t see any issue with that; I would go for read-only permission.

At one of my clients, we integrated with Splunk with config in log4j. Splunk reads all the SailPoint logs and sends us an email if there are any errors.
