This Content Pack enables integrating the Varonis DatAlert functionality into IBM QRadar. The Content Pack includes field extractions and event categorization that assist users in querying and visualizing Varonis alerts using IBM QRadar, and that enable correlating the Varonis alerts with other events collected by IBM QRadar.


The following must be installed and running on your company’s server:

  • IBM QRadar 7.3 and higher
  • DatAlert 6.3.16x and higher
  • To configure the Varonis Content Pack for IBM QRadar, the user must be the admin user.