QRadar upgrade – Parallel upgrade vs. Patch all

There are two methods commonly used for the QRadar upgrade. These methods apply to the distributed deployment only but not to the All-in-One installation. By default, the QRadar console has all the capabilities and features. However, when there is a need to improve functionality and there are not enough resources in a single hardware server, […]


New version of Splunk forwarder app

Recently IBM has provided the new version of Splunk forwarder app. This is a very useful tool for anybody using both systems. As we know Splunk and IBM QRadar are two of the top SIEM (Security Information and Event Management) products, but each of them offers different profits to users.  Based on Gartner assessment, Splunk […]


Customising QRadar interface

Customising QRadar interface, after issuing version 7.3.0, is rather a simple task. Users, willing to do it, don’t need to have more skills than editing and copying files in Linux. Obviously, don’t do this in production systems. This is not supported. You do this on own risk only. Edit Simple edit the file below, […]

General Uncategorized

Generating and receiving events with QRadar

QRadar is capable of receiving and parsing events from a variety of third-party security products. The full list of supported devices is available in the documentation and the several formats and devices increases often. Receiving events with QRadar QRadar can pick up events in “auto-detected” mode from supported appliance, what let you see events immediately […]