QDI app 3.0.15 release

IBM’s QRadar is a leading Security Information and Event Management (SIEM) solution, empowering organizations to effectively manage, analyze, and respond to security data. IBM offers the QRadar Deployment Intelligence (QDI) app to further enhance its deployment capabilities. This post will explore the app’s purpose and highlight the key enhancements in the latest version 3.0.15.

What Is the QRadar Deployment Intelligence (QDI) App?

The QRadar Deployment Intelligence app is designed to monitor the health of your QRadar deployment. It consolidates historical data per host, including status, uptime, notifications, event and flow rates, system performance metrics, and QRadar-specific metrics. This comprehensive monitoring enables security teams to proactively identify potential issues, optimize system performance, and ensure the seamless operation of their security infrastructure.

Core Functionalities of the QRadar Deployment Intelligence (QDI) app

Before delving into the latest update, it’s essential to understand some of the app’s core functionalities:

  • Deployment Health Monitoring: Provides real-time visibility into the status of QRadar components, ensuring prompt detection of system health issues.
  • Resource Utilization Metrics: Allows monitoring of CPU, memory, and disk usage to manage system performance and prevent bottlenecks.
  • Alert Management: Enables alerting users to anomalies or critical status changes that may impact the SIEM’s effectiveness.
  • Historical Data Analysis: Offers access to historical data, facilitating trend identification and future capacity planning.

New Features and Enhancements in QDI 3.0.15

QDI app 3.0.15

The release of version 3.0.15 brings a set of new features and refinements designed to make system oversight more intuitive and data-driven. Here are the highlights of what’s new:

1. Security Enhancements

Version 3.0.15 focuses on security by updating packages to address known vulnerabilities, ensuring that your deployment remains protected against potential threats.

2. Custom Rules Engine (CRE) Queue Chart

A new CRE Queue chart is available on the performance section of the overview page, displaying the CRE queue size per host. This feature is available on QRadar 7.5.0 UP4 and later.

3. Parsing Queue Chart

The Parsing Queue chart, also on the performance section of the overview page, shows the parsing queue size per host. This feature is available on QRadar 7.5.0 UP4 and later.

4. Enhanced Dashboard Customization

The app now uses the IBM Carbon UI/UX Design (introduced in version 3.0.0), featuring a fully customizable dashboard. Users can add, remove, resize, and change the layout of charts, and switch between dark and light themes.

5. Persistent Report Storage

Reports generated by the app are saved in persistent storage on your QRadar deployment. This ensures that reports are not lost even if the app is removed or the container restarts.

6. Database Engine Upgrade

The database engine has been upgraded from Sqlite3 to PostgreSQL, improving performance and storage mechanisms for collecting QRadar Deployment Intelligence data.

Installing QRadar Deployment Intelligence

The easiest way is to use the IBM® QRadar® Assistant app to install the IBM QRadar Deployment Intelligence app archive on your QRadar Console. Before you install the app, ensure that QRadar meets the minimum memory (RAM) requirements. QRadar Deployment Intelligence requires 800 MB of free memory from the application pool of memory. The best approach is adding a dedicated App Host to your QRadar deployment, which will host all the apps installed. Moreover, the App Host can assign 80% of available RAM to the apps, while the console can only give 10% of its resources.

  1. Choose one of the following methods to download your app:
    • If the IBM QRadar Assistant app is configured on QRadar, use the following instructions to install QRadar Deployment Intelligence: QRadar Assistant app
    • If the QRadar Assistant app is not configured, download the QRadar Deployment Intelligence app archive from the IBM Security App Exchange (https://apps.xforce.ibmcloud.com/) onto your local computer. You must have an IBM ID to access the App Exchange.
  2. If you downloaded the app from the App Exchange, complete the following steps:
    1. On the QRadar Console, click Admin > Extensions Management.
    2. In the Extension Management window, click Add and select the app archive that you want to upload to the console.
    3. Select the Install Immediately checkbox. Important: You might have to wait several minutes before your app becomes active.
    4. To preview the contents of an app after it is added and before it is installed, select it from the list of extensions, and click More Details. Expand the folders to view the individual content items in each group.
  3. When the installation is complete, clear your browser cache and refresh the browser window to see the QDI tab.
  4. QRadar Deployment Intelligence (QDI) needs an SEC token to access REST API endpoints and Ariel searches. After the installation, you need to generate a new security token or use the one previously generated for apps.

Why Upgrade to v3.0.15?

For current users of the QRadar Deployment Intelligence app, upgrading to version 3.0.15 is a strategic move especially if they use IPv6 addressing in their monitored network. The QRadar Deployment Intelligence app v3.0.15 exemplifies IBM’s commitment to continuous improvement and user-centric design. By offering deeper insights and more proactive management tools, this version empowers security teams to achieve more effective system oversight and maintain top-tier performance in their QRadar deployments.

For organizations looking to maximize their investment in QRadar, updating to version 3.0.15 is a strategic choice that pays off in improved system reliability and smarter resource management.

Leave a Reply

Your email address will not be published. Required fields are marked *