Blog

IBM Xforce Exchange Qradar Incident App Overview

What is the X-Force Exchange app? Here are some links explaining exactly what it is: https://exchange.xforce.ibmcloud.com/faq We will be focusing on the Qradar Incident Overview App. The Incident Overview App provides an easy way to visualize the offenses that are live on the Qradar SIEM. Each offense is shown as a bubble, and offenses with mutual indicators are connected with a blue…

Qradar Custom Email Notification

IBM announced support for multiple custom email notifications with Qradar 7.2.6: https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.6/com.ibm.qradar.doc/t_CONFIGURING_CUSTOM_EMAIL_NOTIFICATIONS.html After a quick review, we notice that custom properties are nowhere to be found in 7.2.6. This means we can't add "custom" indexes to our mail templates. For example, if we are monitoring sensitive groups, we can shape a new mail notification, but we can…

Qradar Open Mics updated 2016

Members of the IBM Security QRadar Support and QRadar Architecture teams met with customers to discuss: Searching Your QRadar Data Efficiently. Our goal is to provide insight into how QRadar works and to teach ongoing sessions that help both users and administrators understand, maintain, troubleshoot, and resolve issues with their QRadar Security Intelligence system. https://twitter.com/AskIBMSecurity (@AskIBMSecurity) http://www-01.ibm.com/support/docview.wss?uid=swg21990294…

Symantec Risk Not Found

Qradar supports Symantec Endpoint Protection out of the box; see the IBM Knowledge Center link for the Symantec Endpoint DSM. Symantec EPS is composed of many endpoint security modules, such as HIPS, the firewall and SONAR. We will usually see virus-related logs like: <54>Apr 10 00:00:25 Symantec Server SEPBEDPROD: Virus found,IP Address: 10.0.1.5,Computer name: af73075-pc,Source: Real Time Scan,Risk…

IBM Qradar SIEM Audit

The 7.2.7 patch brought some simple and much-needed searches. These were already part of Qradar's capabilities, but they were not easily accessible, nor were there any predefined searches to run. After updating to 7.2.7 and installing extensions such as PCI, those audit searches will show up. After a quick look at those predefined…