DSM Editor is a multi-task editor that lets you parse any event received by a QRadar box. QRadar supports more than 1000 Log Sources out of the box. This is possible because this type of SIEM software has device support modules, called DSMs, installed, which let QRadar parse the logs. The most widely used software and […]
Author: Robert Rojek
Please find below three embedded videos by Jose Bravo about migrating from App Node to App Host. App Host is a new component in the QRadar family. It has number 4000 and it works like a normal Managed Host. You can double the component in a High Availability cluster in the same way as other Managed Hosts in your […]
Installing an App Node in a QRadar environment is only possible for QRadar 7.3.0 and QRadar 7.3.1. Below this number, in versions 7.2.6 to 7.2.8, you must not off-board apps from the console. Going forward, since 7.3.2, App Node has been replaced by App Host and became the same component as the other Managed Hosts […]
New version of Splunk forwarder app
IBM has recently provided a new version of the Splunk forwarder app. This is a very useful tool for anybody using both systems. As we know, Splunk and IBM QRadar are two of the top SIEM (Security Information and Event Management) products, but each of them offers different benefits to users. Based on Gartner's assessment, Splunk […]
Customising QRadar interface
Customising the QRadar interface has been a rather simple task since version 7.3.0 was issued. Users willing to do it don't need more skills than editing and copying files in Linux. Obviously, don't do this in production systems. This is not supported. You do this at your own risk only. Edit qradar.properties. Simply edit the file below, […]
QRadar in AWS Marketplace
Great news for QRadar admins. From the 1st of February, QRadar is available in the AWS Marketplace. Amazon Web Services (AWS) is one of the oldest and most popular services where you can deploy your own Virtual Appliance. Deploying an Appliance from the official image provided by IBM of QRadar Amazon Machine Images (AMI) available on […]
Second part of QRadar 7.3.2 features
As promised last month, please find the second part of the QRadar 7.3.2 features article. As of today (mid-February), a new version is still not available to the public, but I could see another new build generated this month (20190201201121) and I believe we are only days from issuing a new […]
Sneak Peek at QRadar 7.3.2
Soon (the first quarter of 2019), we can expect a new version of QRadar. This is a sneak peek at QRadar 7.3.2, which runs on RHEL 7.5. The new version introduces so many improvements that I could not list all of them at once. In this article, I describe only the changes most significant to me, […]
New version of QDI
On 4th January 2019, a new version (2.2.3) of the QRadar Deployment Intelligence (QDI) application was issued to the public. Among the new features, the most significant are: QDI self-diagnostics, QRadar applications memory allocation breakdown, processing EPS and sources of license give back. New detailed features in version 2.2.3. The more detailed and better details of status for […]
QRadar is capable of receiving and parsing events from a variety of third-party security products. The full list of supported devices is available in the documentation, and the number of formats and devices increases often. Receiving events with QRadar. QRadar can pick up events in “auto-detected” mode from a supported appliance, which lets you see events immediately […]