Categories
Admin Architecture

How to change a forgotten password in QRadar

QRadar has multiple ways to authenticate users. Apart from the default System Authentication based on data kept in the Postgres database, you can configure external Authentication using RADIUS, TACACS, LDAP or SAML methods. In the screenshot above you can also see Active Directory option, which has been recently removed from the allowed methods of authentication […]

Categories
Admin

Deploying changes locally

Many QRadar users and admins hit time out or error issue when they are deploying changes in QRadar to the Managed Hosts. Not all of them know how to troubleshoot this problem. I will describe here a simple solution to this problem when qradar not deploying changes. QRadar has two different approaches to store configuration. […]

Categories
Admin Architecture

QRadar backup

QRadar backup is one of the most important feature to use by each system administrator. There are two types of backups – configuration backup and data backup. It is highly recommended to do backups on regular basis and by default, QRadar creates a backup nightly but you can reschedule and adjust it to your needs. […]

Categories
Admin

Routing data in QRadar

There are two options for routing data in QRadar: Online: Forwarding takes place during the QRadar event pipeline as part of ECS-EC (event correlation service – event collection) process. It can be described as real-time streaming of data as it is in the event pipeline, the Event Forwarding process that lives in ECS-EC routes the […]