My account

Tag: QRadar

Integrating QRadar with VirusTotal

1,987

Hello. In the last article we considered creating rules, and today I want to describe the method that will help SIEM administrators respond to possible security incidents faster. When working with information security incidents in QRadar it is extremely important to increase operators’ and analysts’ operation speed in SOC. Usage of built-in tools provides ample […]

Creating Rules in IBM QRadar

3,251

Last week, I wrote about how to update your IBM QRadar. But the correct operation of any SIEM is not only updating the build, or collection and storage of events from various data sources. The primary task of SIEM is to identify security incidents. The vendor provides preconfigured detection rules for IBM QRadar, but most […]

Updating IBM QRadar

450

The efficient SIEM operation directly depends on fixing detected vulnerabilities and issues in its functioning. The primary method for this is updating the system to the latest version. Updates can include fixing security issues, releasing new functionality, improving system performance, patches, and so on. In my recent article, we reviewed how to create backups in […]

While working with SIEM, eventually you come across a situation where your tool requires to be updated to the latest version, moved to a different data center or migrated to a more productive installation. An integral part of this is the creation of backups and the subsequent transfer of data, configurations or customized content to […]

Event Filtering in IBM QRadar

3,256

While configuring a SIEM tool (including IBM QRadar), administrators often make the wrong decision: “Let’s send all logs to SIEM, and then we’ll figure out what to do with them.” Such actions most often lead to enormous license utilization, huge workload on a SIEM tool, appearance of a cache queue, and sometimes to event loss. […]