Access Request Workflow Events for Integration of SPP with IBM QRADAR SIEM

Dear Community,

We are integrating SPP with our IBM QRADAR SIEM solution and would like to understand which events from the Access Request Workflow can be forwarded to the SIEM. I have attached a screenshot where the SIEM team has pulled information from IBM QRADAR SIEM.

Additionally, I reviewed the Event Types available in SPP, but could not locate any references to [AccessRequestWorkflow]. Could anyone provide guidance on whether this event type is available for forwarding or if there are alternatives?

Any assistance on this matter would be highly appreciated.

Kind regards,
Muhammad Faraz Khan

  • "Access Request Workflow" is not a single event in this case but multiple events associated with an Access Request for example, there are many different events that start with "Access Request ......" which would be part of the access request workflow 

    Access Request Created

    Access Request Auto-Approved

    Access Request Available

    Access Request Session Initialized

    Access Request Checked In

    etc

    Thanks!