Tag: siem

Almost Everything is perfect in the Land of Qradar logs

But sometimes you can encounter a sensor which will not send full data information. For example, we will take the Imperva SecureSphere WAF. The IBM Knowledge Center page http://www-01.ibm.com/support/knowledgecenter/SS42VS_7.2.5/com.ibm.dsm.doc/t_DSM_guide_Securesphere explains how to configure Imperva to send syslog toward the QRadar machine by just configuring the action set to use this format for QRadar to understand the…

McAfee DLP Events Support

QRadar supports McAfee ePO and Symantec SEP, but not all of it. 1. SEP has full support for Antivirus, HIPS and SONAR functions; when using SEP as Device Control, the data comes in as a Misc. event and not as a Device Control event, meaning all of the data coming from SEP regarding Device Control does not parse…

IBM X-Force Exchange QRadar Incident App Overview

What is the X-Force Exchange app? Here are some links explaining exactly what it is: https://exchange.xforce.ibmcloud.com/faq. We will be focusing on the QRadar Incident Overview App, which offers an easy way to visualize offenses which are live on the QRadar SIEM. Each offense is shown as a bubble; offenses with mutual indicators will be connected with a blue…

QRadar Custom Email Notification

IBM announced support for multiple custom email notifications with QRadar 7.2.6: https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.6/com.ibm.qradar.doc/t_CONFIGURING_CUSTOM_EMAIL_NOTIFICATIONS.html. After a quick review, we can notice that the custom properties in 7.2.6 are nowhere to be found, meaning we can't add "custom" indexes to our mail templates. For example, we are monitoring sensitive groups; we can shape a new mail notification, but we can…

QRadar Open Mics updated 2016

Members of the IBM Security QRadar Support and QRadar Architecture team met with customers to discuss: Searching Your QRadar Data Efficiently. Our goal is to provide insight on how QRadar works and to teach on-going sessions that help both users and administrators understand, maintain, troubleshoot, and resolve issues with their QRadar Security Intelligence system. https://twitter.com/AskIBMSecurity – @AskIBMSecurity
http://www-01.ibm.com/support/docview.wss?uid=swg21990294…