My account

Tag: QRadar

Integrating QRadar with VirusTotal


Hello. In the last article we considered creating rules, and today I want to describe the method that will help SIEM administrators respond to possible security incidents faster. When working with information security incidents in QRadar it is extremely important to increase operators’ and analysts’ operation speed in SOC. Usage of built-in tools provides ample […]

Creating Rules in IBM QRadar


Last week, I wrote about how to update your IBM QRadar. But the correct operation of any SIEM is not only updating the build, or collection and storage of events from various data sources. The primary task of SIEM is to identify security incidents. The vendor provides preconfigured detection rules for IBM QRadar, but most […]

Updating IBM QRadar


The efficient SIEM operation directly depends on fixing detected vulnerabilities and issues in its functioning. The primary method for this is updating the system to the latest version. Updates can include fixing security issues, releasing new functionality, improving system performance, patches, and so on. In my recent article, we reviewed how to create backups in […]

While working with SIEM, eventually you come across a situation where your tool requires to be updated to the latest version, moved to a different data center or migrated to a more productive installation. An integral part of this is the creation of backups and the subsequent transfer of data, configurations or customized content to […]

Event Filtering in IBM QRadar


While configuring a SIEM tool (including IBM QRadar), administrators often make the wrong decision: “Let’s send all logs to SIEM, and then we’ll figure out what to do with them.” Such actions most often lead to enormous license utilization, huge workload on a SIEM tool, appearance of a cache queue, and sometimes to event loss. […]

While implementing and using IBM QRadar, users often ask the following questions: what are Assets? What are they needed for? What can we do with them? How to automate the filling of the Assets model? ‘Assets’ is a model that describes infrastructure and allows IBM QRadar system to react differently to the events that are […]

Network hierarchy is a description of the internal model of organization’s network. The network model allows you to describe all internal segments of the network including server segment, DMZ, user segment, Wi-Fi and so on. This data is necessary to enrich the data of registered Offenses; you can use the network model data in rules, […]

All QRadar products can be divided into two groups: versions before 7.2.8 and all newest versions. In 7.2.8+ QRadar versions, all parsing changes are performed from the WEB console. To fix a parsing issue, you need to do the following steps: Create Search on Log Activity page in QRadar where you can get events with […]

24.11.2016 SOC Prime, Inc hosted the first international conference on cyber security “Cyber For All” in Kyiv, Ukraine. SOC Prime staff and business partners made presentations and several customers shared their real success stories of their usage of SOC Prime products. Conference was attended mainly by representatives of the telecom and finance business community of Ukraine. Kyiv […]