This publication took longer to get through the gears of IBM, but it’s now publicly available. Don’t forget, this guide covers transitioning from IBM Tivoli Compliance Insight Manager (TCIM) as well.
Click here to download the IBM Tivoli Security Information and Event Manager to IBM QRadar Transition Guide.
IBM Tivoli Security Information and Event Manager (TSIEM) was developed as a compliance management monitoring and reporting product for various operating systems, applications and devices. IBM acquired Q1 Labs in 2011 with its industry-leading security intelligence platform QRadar, providing a security solution that can be used across the entire network.
Anyone who is planning a transition of TSIEM to QRadar should read this document first to deter-mine what steps should be considered to create a transition plan. This document provides a high level description of the steps rather than the detailed technical description of how to perform the actual transition. Tooling is not part of this document although the description may help in designing such tooling. IBM Services or any other IBM Business Partner can help produce the appropriate toolbox to automate the transition. The customer should be prepared to keep their TSIEM installation to support historical reporting or log archive management to meet their compliance or audit requirements. This transition document therefore should only address the replacement of TSIEM by QRadar within the context of regulatory compliancy.
This document will provide a basic overview of TSIEM to QRadar data migration capabilities and options, as well as data storage principles.