
New features in QRadar version 7.2.5

Below are the new features in QRadar version 7.2.5, which was released to the public on the 6th of June 2015.

Domain segmentation

Domain segmentation is introduced in this version, based on event and flow collectors, log sources, log source groups, flow sources, and custom properties. You can now grant access to domains using security profiles and make sure that domain restrictions are respected throughout the entire QRadar system.

LDAP authorization

Lightweight Directory Access Protocol (LDAP) providers can now be used for authorization. QRadar reads the user and role information from the LDAP server, based on the authorization criteria defined. Moreover, you can configure QRadar to map entries from multiple LDAP repositories into a single virtual repository.

Centralized log file collection

Log files can be collected simultaneously from all managed hosts directly to QRadar. Log files contain detailed information about the deployment, such as host names, IP addresses, and email addresses.

Improved SSH key management

SSH keys are distributed during deployment. During the upgrade to QRadar V7.2.5, the installer replaces the SSH keys that are currently on the managed hosts. Removing or altering the keys might disrupt communication between the QRadar Console and the managed hosts, which can result in lost data.

Master Console

Monitor one or multiple QRadar deployments with Master Console. You can use Master Console to view system notifications, event and flow rates, CPU usage by process, memory usage, and other working data.

System health

View all of your system notifications and other health information about your QRadar host in one place.

Deployment management

New management screens are introduced for adding new managed hosts to your QRadar deployment. This new menu partly replaces the same options in the Deployment editor, which is a Java-based client.

X-Force Exchange integration with QRadar

Use X-Force Exchange to collect and look up IP addresses and get more information on URLs that were identified by QRadar in events, rules, flows, and offenses. You can send any IP address that is displayed in QRadar to X-Force Exchange. You can also use URLs from events on the Log Activity tab.

Reporting enhancements

Reports can now be shared with groups of users: add the report to a report group shared with everyone, or to a group shared only with users who have specific user roles and security profiles. You can set a level of confidentiality for a report, with a notification that appears in the report header and footer. You can also add page numbers and create reports based on saved asset searches.

More advanced search options

Use the TEXT SEARCH operator to do full text searches and find specific text in custom properties for events and flows. Use historical correlation when analyzing events loaded in bulk, testing new rules, and re-creating offenses that were lost or purged.

Ariel Query Language (AQL) lookup functions

In 7.2.5, new AQL X-Force lookup functions were added to query X-Force IP address and URL categorizations. The categorizations can be used in query result data, or they can be used to filter events and flows.