Tag: QRadar

Integrating QRadar with VirusTotal

Hello. In the last article we considered creating rules, and today I want to describe the method that will help SIEM administrators respond to possible security incidents faster. When working with information security incidents in QRadar it is extremely important to increase operators’ and analysts’ operation speed in SOC. Usage of built-in tools provides ample […]

Read More
Creating Rules in IBM QRadar

Last week, I wrote about how to update your IBM QRadar. But the correct operation of any SIEM is not only updating the build, or collection and storage of events from various data sources. The primary task of SIEM is to identify security incidents. The vendor provides preconfigured detection rules for IBM QRadar, but most […]

Read More
Updating IBM QRadar

The efficient SIEM operation directly depends on fixing detected vulnerabilities and issues in its functioning. The primary method for this is updating the system to the latest version. Updates can include fixing security issues, releasing new functionality, improving system performance, patches, and so on. In my recent article, we reviewed how to create backups in […]

Read More
Configuration, Events and Content Backup in IBM QRadar

While working with SIEM, eventually you come across a situation where your tool requires to be updated to the latest version, moved to a different data center or migrated to a more productive installation. An integral part of this is the creation of backups and the subsequent transfer of data, configurations or customized content to […]

Read More
Event Filtering in IBM QRadar

While configuring a SIEM tool (including IBM QRadar), administrators often make the wrong decision: “Let’s send all logs to SIEM, and then we’ll figure out what to do with them.” Such actions most often lead to enormous license utilization, huge workload on a SIEM tool, appearance of a cache queue, and sometimes to event loss. […]

Read More
Assets and describing critical infrastructure objects

While implementing and using IBM QRadar, users often ask the following questions: what are Assets? What are they needed for? What can we do with them? How to automate the filling of the Assets model? ‘Assets’ is a model that describes infrastructure and allows IBM QRadar system to react differently to the events that are […]

Read More
What is network hierarchy and how to use it in IBM QRadar

Network hierarchy is a description of the internal model of organization’s network. The network model allows you to describe all internal segments of the network including server segment, DMZ, user segment, Wi-Fi and so on. This data is necessary to enrich the data of registered Offenses; you can use the network model data in rules, […]

Read More
How to fix parsing issues in QRadar without technical support

All QRadar products can be divided into two groups: versions before 7.2.8 and all newest versions. In 7.2.8+ QRadar versions, all parsing changes are performed from the WEB console. To fix a parsing issue, you need to do the following steps: Create Search on Log Activity page in QRadar where you can get events with […]

Read More
International conference on cyber security “Cyber For All”

24.11.2016 SOC Prime, Inc hosted the first international conference on cyber security “Cyber For All” in Kyiv, Ukraine. SOC Prime staff and business partners made presentations and several customers shared their real success stories of their usage of SOC Prime products. Conference was attended mainly by representatives of the telecom and finance business community of Ukraine. Kyiv […]

Read More