Categories
General

DSM Editor (part one)

DSM Editor is a multi-task editor that lets you parse any event received by a QRadar box. QRadar supports more than 1000 log sources out of the box. This is possible because this type of SIEM software ships with installed device support modules, called DSMs, which let QRadar parse the logs. The most widely used software and […]

Categories
Architecture Extensions Video

Migrating from App Node to App Host

Please find below three embedded videos by Jose Bravo about migrating from App Node to App Host. App Host is a new component in the QRadar family. It has the number 4000 and works like a normal Managed Host. You can double the component in a High Availability cluster in the same way as other Managed Hosts in your […]

Categories
Tutorial

Installing an App Node in QRadar environment

Installing an App Node in a QRadar environment is only possible for QRadar 7.3.0 and QRadar 7.3.1. Below these versions, in 7.2.6 to 7.2.8, you must not off-board apps from the console. From 7.3.2 onward, App Node has been replaced by App Host, which became the same kind of component as the other Managed Hosts […]

Categories
App

New version of Splunk forwarder app

Recently IBM has released a new version of the Splunk forwarder app. This is a very useful tool for anybody using both systems. As we know, Splunk and IBM QRadar are two of the top SIEM (Security Information and Event Management) products, but each of them offers different benefits to users. Based on the Gartner assessment, Splunk […]

Categories
Tutorial

Customising QRadar interface

Customising the QRadar interface, since the release of version 7.3.0, is a rather simple task. Users willing to do it don’t need more skills than editing and copying files in Linux. Obviously, don’t do this on production systems. It is not supported; you do this at your own risk only. Edit qradar.properties: simply edit the file below, […]

Categories
Virtual Appliance

QRadar in AWS Marketplace

Great news for QRadar admins. From the 1st of February, QRadar is available in the AWS Marketplace. Amazon Web Services (AWS) is one of the oldest and most popular cloud services, where you can deploy your own Virtual Appliance. Deploying the appliance from the official QRadar Amazon Machine Image (AMI) provided by IBM, available on […]

Categories
Architecture

Second part of QRadar 7.3.2 features

As promised last month, please find the second part of the QRadar 7.3.2 features article. As of today (mid-February), the new version is still not publicly available, but I could see another new build generated this month (20190201201121) and I believe we are only days away from the release of a new […]

Categories
General

Sneak Peek at QRadar 7.3.2

Soon (in the first quarter of 2019), we can expect a new version of QRadar. This is a sneak peek at QRadar 7.3.2, which runs on RHEL 7.5. The new version introduces so many improvements that I could not list all of them at once. In this article, I describe only the changes most significant to me, […]

Categories
App

New version of QDI

On 4th January 2019, a new version (2.2.3) of the QRadar Deployment Intelligence (QDI) application was released to the public. Among the new features, the most significant are QDI self-diagnostics, a QRadar applications memory allocation breakdown, processing EPS and sources of license give-back. New detailed features in version 2.2.3: more detailed and better status details for […]

Categories
General Uncategorized

Generating and receiving events with QRadar

QRadar is capable of receiving and parsing events from a variety of third-party security products. The full list of supported devices is available in the documentation, and the number of supported formats and devices increases often. Receiving events with QRadar: QRadar can pick up events in “auto-detected” mode from supported appliances, which lets you see events immediately […]