SlideShare a Scribd company logo
IBM Security
QRadar SIEM Foundations
Reports
3 IBM Security
Reporting introduction
• A QRadar SIEM report is a means of scheduling and automating one or more
saved searches
• QRadar SIEM reports perform the following tasks
̶ Present measurements and statistics derived from events, flows, and offenses
̶ Provide users the ability to create custom reports
̶ Can brand reports and distribute them
• Predefined report templates serve a multitude of purposes, such as the following
examples
̶ Regulatory compliance
̶ Authentication activity
̶ Operational status
̶ Network status
̶ Executive summaries
4 IBM Security
Reports tab
You can search and sort report templates in a similar way as events and flows
5 IBM Security
• QRadar SIEM and extensions provide many report templates
̶ Before you create a new template, check the installed templates and the templates provided by
extensions available on the IBM App Exchange
Finding a report
Search:
Display report templates whose title,
description, group name, or author
user name matches the search
criteria
Reporting
Groups:
Display report
templates of a
reporting group
Hide Inactive Reports:
Disable to display all
inactive report templates
IBM App Exchange:
QRadar SIEM administrators can add
more report templates by
downloading and installing
extensions
© COPYRIGHT IBM CORPORATION 2017
5
6 IBM Security
Running a report
Toggle scheduling:
Toggle the active and
inactive state of the
selected template
Run Report on Raw Data:
Generate a report on raw
data if QRadar SIEM has not
captured the required time-
series data
Run Report:
Generate a report for the
selected report template
immediately, regardless of its
schedule or active/inactive
state
Delete Generated
Content:
Delete any generated
report for the selected
template
© COPYRIGHT IBM CORPORATION 2017
6
7 IBM Security
Running a report
8 IBM Security
Selecting the generated report
Estimated 34 seconds until
the report is generated
Select a generated report from the
list and click the PDF icon to view it
© COPYRIGHT IBM CORPORATION 2017
8
9 IBM Security
Viewing a report
10 IBM Security
Creating a new report template
• To watch specific firewall activity in a daily report, create a custom report template
11 IBM Security
Choosing a schedule
The schedule determines when the
report runs and the default data range
to use; for example, when you select
Weekly, the previous week's data
(Sunday-Saturday) is selected
12 IBM Security
Choosing a layout
• QRadar SIEM uses containers to segregate report pages so that different data sets
can show on the same report page
13 IBM Security
Defining report contents
14 IBM Security
Configuring the upper chart
15 IBM Security
Configuring the upper chart (continued)
16 IBM Security
Configuring the lower chart
17 IBM Security
Configuring the lower chart (continued)
18 IBM Security
Verifying the layout preview
19 IBM Security
Choosing a format
You can select any or all of the
available formats for reports
20 IBM Security
Distributing the report
21 IBM Security
Adding a description and assigning the group
• You can organize reports by
groups much like rules and log
sources
• You can use reporting groups to
sort report templates by
purpose, such as a specific
regulatory or executive
requirement
22 IBM Security
Verifying the report summary
23 IBM Security
Viewing the generated report
24 IBM Security
Best practices when creating reports
• For comparison and review, present network traffic charts and event tables together
• Consider the purpose of the report and choose the least number of page containers
that is necessary to communicate the data
• Do not choose a small page division for a graph that might contain a large number of
objects
• Executive summary reports use one-page or two-page divisions to simplify the report
focus
25 IBM Security
Best practice reports for Compliancy purposes
• Usage of Service accounts
• Usage of privileged user accounts
• Account management actions: Creation, deletion, modification
• Authorized access to sensitive data
• Audit modification actions
• Log collection completion
• User authentications
• Software and machine patch management
26 IBM Security
Best practice reports for Monitoring purposes
• Behavioral change in Service account authentication or usage
• Unauthorized acces to sensitive data
• Behavioral change in access to sensitive data
• Change in machine network behaviour
• Audit trail clearance
• Log collection failures
• Virus checker alerts
• Endpoint management alerts
• Critical resource patch failure
ibm.com/security
securityintelligence.com
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind,
express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products
and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service
marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your
enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others.
No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems,
products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products
or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
FOLLOW US ON:
THANK YOU

More Related Content

What's hot

What is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsWhat is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the Basics
Sagar Joshi
 
QRadar Architecture.pdf
QRadar Architecture.pdfQRadar Architecture.pdf
QRadar Architecture.pdf
PencilData
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
Camilo Fandiño Gómez
 
IBM QRadar BB & Rules
IBM QRadar BB & RulesIBM QRadar BB & Rules
IBM QRadar BB & Rules
Muhammad Abdel Aal
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
Erik Taavila
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
Dr Madhu Aman Sharma
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
Splunk
 
SIEM presentation final
SIEM presentation finalSIEM presentation final
SIEM presentation final
Rizwan S
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity Chasm
Priyanka Aash
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza Adineh
ReZa AdineH
 
Detecting modern PowerShell attacks with SIEM
Detecting modern PowerShell attacks with SIEMDetecting modern PowerShell attacks with SIEM
Detecting modern PowerShell attacks with SIEM
Justin Henderson
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443
Yokogawa1
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
Priyanka Aash
 
Wazuh Security Platform
Wazuh Security PlatformWazuh Security Platform
Wazuh Security Platform
Pituphong Yavirach
 
Introduction: CISSP Certification
Introduction: CISSP CertificationIntroduction: CISSP Certification
Introduction: CISSP Certification
Sam Bowne
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005
ControlCase
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
Jiunn-Jer Sun
 
CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security Concepts
Karthikeyan Dhayalan
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for Beginners
SKMohamedKasim
 
Rothke secure360 building a security operations center (soc)
Rothke   secure360 building a security operations center (soc)Rothke   secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)
Ben Rothke
 

What's hot (20)

What is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsWhat is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the Basics
 
QRadar Architecture.pdf
QRadar Architecture.pdfQRadar Architecture.pdf
QRadar Architecture.pdf
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
 
IBM QRadar BB & Rules
IBM QRadar BB & RulesIBM QRadar BB & Rules
IBM QRadar BB & Rules
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 
SIEM presentation final
SIEM presentation finalSIEM presentation final
SIEM presentation final
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity Chasm
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza Adineh
 
Detecting modern PowerShell attacks with SIEM
Detecting modern PowerShell attacks with SIEMDetecting modern PowerShell attacks with SIEM
Detecting modern PowerShell attacks with SIEM
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
 
Wazuh Security Platform
Wazuh Security PlatformWazuh Security Platform
Wazuh Security Platform
 
Introduction: CISSP Certification
Introduction: CISSP CertificationIntroduction: CISSP Certification
Introduction: CISSP Certification
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005
 
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020
 
CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security Concepts
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for Beginners
 
Rothke secure360 building a security operations center (soc)
Rothke   secure360 building a security operations center (soc)Rothke   secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)
 

Similar to Qradar - Reports.pdf

User Interface and Data Sources.pdf
User Interface and Data Sources.pdfUser Interface and Data Sources.pdf
User Interface and Data Sources.pdf
PencilData
 
Effective Security Monitoring for IBM i: What You Need to Know
Effective Security Monitoring for IBM i: What You Need to KnowEffective Security Monitoring for IBM i: What You Need to Know
Effective Security Monitoring for IBM i: What You Need to Know
Precisely
 
AAI-3281 Smarter Production with WebSphere Application Server ND Intelligent ...
AAI-3281 Smarter Production with WebSphere Application Server ND Intelligent ...AAI-3281 Smarter Production with WebSphere Application Server ND Intelligent ...
AAI-3281 Smarter Production with WebSphere Application Server ND Intelligent ...
WASdev Community
 
Cutting Through the Software License Jungle: Stay Safe and Control Costs
Cutting Through the Software License Jungle: Stay Safe and Control CostsCutting Through the Software License Jungle: Stay Safe and Control Costs
Cutting Through the Software License Jungle: Stay Safe and Control Costs
IBM Security
 
Monitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityMonitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and Security
Precisely
 
IBM Security intelligence v1 - ahmed el nahas
IBM Security intelligence v1 - ahmed el nahasIBM Security intelligence v1 - ahmed el nahas
IBM Security intelligence v1 - ahmed el nahas
Shwetank Jayaswal
 
Ibm q radar_blind_references
Ibm q radar_blind_referencesIbm q radar_blind_references
Ibm q radar_blind_references
Maarten Werff
 
Session 2546 - Solving Performance Problems in CICS using CICS Performance A...
Session 2546 -  Solving Performance Problems in CICS using CICS Performance A...Session 2546 -  Solving Performance Problems in CICS using CICS Performance A...
Session 2546 - Solving Performance Problems in CICS using CICS Performance A...
nick_garrod
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future
IBM
 
MaaS360 - Mobile Expense Management
MaaS360 - Mobile Expense ManagementMaaS360 - Mobile Expense Management
MaaS360 - Mobile Expense Management
Darryl Miles
 
IBM MQ on cloud and containers
IBM MQ on cloud and containersIBM MQ on cloud and containers
IBM MQ on cloud and containers
Robert Parker
 
Why Ibm cloud private
Why Ibm cloud private Why Ibm cloud private
Why Ibm cloud private
Shikha Srivastava
 
4 florin coada - dast automation, more value for less work
4   florin coada - dast automation, more value for less work4   florin coada - dast automation, more value for less work
4 florin coada - dast automation, more value for less work
Ievgenii Katsan
 
Compliance and Audit Readiness: The DevOps Killer?
Compliance and Audit Readiness: The DevOps Killer?Compliance and Audit Readiness: The DevOps Killer?
Compliance and Audit Readiness: The DevOps Killer?
DevOps.com
 
Government Webinar: RMF, DISA STIG, and NIST FISMA Compliance Using SolarWinds
Government Webinar: RMF, DISA STIG, and NIST FISMA Compliance Using SolarWindsGovernment Webinar: RMF, DISA STIG, and NIST FISMA Compliance Using SolarWinds
Government Webinar: RMF, DISA STIG, and NIST FISMA Compliance Using SolarWinds
SolarWinds
 
App store and SAM strategy
App store and SAM strategyApp store and SAM strategy
App store and SAM strategy
RMayo22
 
Government Agencies Using Splunk: Is Your Critical Data Missing?
Government Agencies Using Splunk: Is Your Critical Data Missing?Government Agencies Using Splunk: Is Your Critical Data Missing?
Government Agencies Using Splunk: Is Your Critical Data Missing?
Precisely
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM Resilient
IBM Security
 
3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them
IBM Security
 
Ironstream for IBM i - Enabling Splunk Insight into Key Security and Operatio...
Ironstream for IBM i - Enabling Splunk Insight into Key Security and Operatio...Ironstream for IBM i - Enabling Splunk Insight into Key Security and Operatio...
Ironstream for IBM i - Enabling Splunk Insight into Key Security and Operatio...
Precisely
 

Similar to Qradar - Reports.pdf (20)

User Interface and Data Sources.pdf
User Interface and Data Sources.pdfUser Interface and Data Sources.pdf
User Interface and Data Sources.pdf
 
Effective Security Monitoring for IBM i: What You Need to Know
Effective Security Monitoring for IBM i: What You Need to KnowEffective Security Monitoring for IBM i: What You Need to Know
Effective Security Monitoring for IBM i: What You Need to Know
 
AAI-3281 Smarter Production with WebSphere Application Server ND Intelligent ...
AAI-3281 Smarter Production with WebSphere Application Server ND Intelligent ...AAI-3281 Smarter Production with WebSphere Application Server ND Intelligent ...
AAI-3281 Smarter Production with WebSphere Application Server ND Intelligent ...
 
Cutting Through the Software License Jungle: Stay Safe and Control Costs
Cutting Through the Software License Jungle: Stay Safe and Control CostsCutting Through the Software License Jungle: Stay Safe and Control Costs
Cutting Through the Software License Jungle: Stay Safe and Control Costs
 
Monitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityMonitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and Security
 
IBM Security intelligence v1 - ahmed el nahas
IBM Security intelligence v1 - ahmed el nahasIBM Security intelligence v1 - ahmed el nahas
IBM Security intelligence v1 - ahmed el nahas
 
Ibm q radar_blind_references
Ibm q radar_blind_referencesIbm q radar_blind_references
Ibm q radar_blind_references
 
Session 2546 - Solving Performance Problems in CICS using CICS Performance A...
Session 2546 -  Solving Performance Problems in CICS using CICS Performance A...Session 2546 -  Solving Performance Problems in CICS using CICS Performance A...
Session 2546 - Solving Performance Problems in CICS using CICS Performance A...
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future
 
MaaS360 - Mobile Expense Management
MaaS360 - Mobile Expense ManagementMaaS360 - Mobile Expense Management
MaaS360 - Mobile Expense Management
 
IBM MQ on cloud and containers
IBM MQ on cloud and containersIBM MQ on cloud and containers
IBM MQ on cloud and containers
 
Why Ibm cloud private
Why Ibm cloud private Why Ibm cloud private
Why Ibm cloud private
 
4 florin coada - dast automation, more value for less work
4   florin coada - dast automation, more value for less work4   florin coada - dast automation, more value for less work
4 florin coada - dast automation, more value for less work
 
Compliance and Audit Readiness: The DevOps Killer?
Compliance and Audit Readiness: The DevOps Killer?Compliance and Audit Readiness: The DevOps Killer?
Compliance and Audit Readiness: The DevOps Killer?
 
Government Webinar: RMF, DISA STIG, and NIST FISMA Compliance Using SolarWinds
Government Webinar: RMF, DISA STIG, and NIST FISMA Compliance Using SolarWindsGovernment Webinar: RMF, DISA STIG, and NIST FISMA Compliance Using SolarWinds
Government Webinar: RMF, DISA STIG, and NIST FISMA Compliance Using SolarWinds
 
App store and SAM strategy
App store and SAM strategyApp store and SAM strategy
App store and SAM strategy
 
Government Agencies Using Splunk: Is Your Critical Data Missing?
Government Agencies Using Splunk: Is Your Critical Data Missing?Government Agencies Using Splunk: Is Your Critical Data Missing?
Government Agencies Using Splunk: Is Your Critical Data Missing?
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM Resilient
 
3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them
 
Ironstream for IBM i - Enabling Splunk Insight into Key Security and Operatio...
Ironstream for IBM i - Enabling Splunk Insight into Key Security and Operatio...Ironstream for IBM i - Enabling Splunk Insight into Key Security and Operatio...
Ironstream for IBM i - Enabling Splunk Insight into Key Security and Operatio...
 

Recently uploaded

Liberarsi dai framework con i Web Component.pptx
Liberarsi dai framework con i Web Component.pptxLiberarsi dai framework con i Web Component.pptx
Liberarsi dai framework con i Web Component.pptx
Massimo Artizzu
 
zOS Mainframe JES2-JES3 JCL-JECL Differences
zOS Mainframe JES2-JES3 JCL-JECL DifferenceszOS Mainframe JES2-JES3 JCL-JECL Differences
zOS Mainframe JES2-JES3 JCL-JECL Differences
YousufSait3
 
What next after learning python programming basics
What next after learning python programming basicsWhat next after learning python programming basics
What next after learning python programming basics
Rakesh Kumar R
 
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
safelyiotech
 
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdfTop Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
VALiNTRY360
 
fiscal year variant fiscal year variant.
fiscal year variant fiscal year variant.fiscal year variant fiscal year variant.
fiscal year variant fiscal year variant.
AnkitaPandya11
 
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
mz5nrf0n
 
Webinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for EmbeddedWebinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for Embedded
ICS
 
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
dakas1
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
Green Software Development
 
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemUI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
Peter Muessig
 
How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?
ToXSL Technologies
 
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
mz5nrf0n
 
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CDKuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
rodomar2
 
Oracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptxOracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptx
Remote DBA Services
 
14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision
ShulagnaSarkar2
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
Octavian Nadolu
 
一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理
dakas1
 
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
kalichargn70th171
 
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
Peter Muessig
 

Recently uploaded (20)

Liberarsi dai framework con i Web Component.pptx
Liberarsi dai framework con i Web Component.pptxLiberarsi dai framework con i Web Component.pptx
Liberarsi dai framework con i Web Component.pptx
 
zOS Mainframe JES2-JES3 JCL-JECL Differences
zOS Mainframe JES2-JES3 JCL-JECL DifferenceszOS Mainframe JES2-JES3 JCL-JECL Differences
zOS Mainframe JES2-JES3 JCL-JECL Differences
 
What next after learning python programming basics
What next after learning python programming basicsWhat next after learning python programming basics
What next after learning python programming basics
 
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
 
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdfTop Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
 
fiscal year variant fiscal year variant.
fiscal year variant fiscal year variant.fiscal year variant fiscal year variant.
fiscal year variant fiscal year variant.
 
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
 
Webinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for EmbeddedWebinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for Embedded
 
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
 
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemUI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
 
How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?
 
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
 
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CDKuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
 
Oracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptxOracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptx
 
14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
 
一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理
 
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
 
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
 

Qradar - Reports.pdf

  • 3. 3 IBM Security Reporting introduction • A QRadar SIEM report is a means of scheduling and automating one or more saved searches • QRadar SIEM reports perform the following tasks ̶ Present measurements and statistics derived from events, flows, and offenses ̶ Provide users the ability to create custom reports ̶ Can brand reports and distribute them • Predefined report templates serve a multitude of purposes, such as the following examples ̶ Regulatory compliance ̶ Authentication activity ̶ Operational status ̶ Network status ̶ Executive summaries
  • 4. 4 IBM Security Reports tab You can search and sort report templates in a similar way as events and flows
  • 5. 5 IBM Security • QRadar SIEM and extensions provide many report templates ̶ Before you create a new template, check the installed templates and the templates provided by extensions available on the IBM App Exchange Finding a report Search: Display report templates whose title, description, group name, or author user name matches the search criteria Reporting Groups: Display report templates of a reporting group Hide Inactive Reports: Disable to display all inactive report templates IBM App Exchange: QRadar SIEM administrators can add more report templates by downloading and installing extensions © COPYRIGHT IBM CORPORATION 2017 5
  • 6. 6 IBM Security Running a report Toggle scheduling: Toggle the active and inactive state of the selected template Run Report on Raw Data: Generate a report on raw data if QRadar SIEM has not captured the required time- series data Run Report: Generate a report for the selected report template immediately, regardless of its schedule or active/inactive state Delete Generated Content: Delete any generated report for the selected template © COPYRIGHT IBM CORPORATION 2017 6
  • 8. 8 IBM Security Selecting the generated report Estimated 34 seconds until the report is generated Select a generated report from the list and click the PDF icon to view it © COPYRIGHT IBM CORPORATION 2017 8
  • 10. 10 IBM Security Creating a new report template • To watch specific firewall activity in a daily report, create a custom report template
  • 11. 11 IBM Security Choosing a schedule The schedule determines when the report runs and the default data range to use; for example, when you select Weekly, the previous week's data (Sunday-Saturday) is selected
  • 12. 12 IBM Security Choosing a layout • QRadar SIEM uses containers to segregate report pages so that different data sets can show on the same report page
  • 13. 13 IBM Security Defining report contents
  • 14. 14 IBM Security Configuring the upper chart
  • 15. 15 IBM Security Configuring the upper chart (continued)
  • 16. 16 IBM Security Configuring the lower chart
  • 17. 17 IBM Security Configuring the lower chart (continued)
  • 18. 18 IBM Security Verifying the layout preview
  • 19. 19 IBM Security Choosing a format You can select any or all of the available formats for reports
  • 21. 21 IBM Security Adding a description and assigning the group • You can organize reports by groups much like rules and log sources • You can use reporting groups to sort report templates by purpose, such as a specific regulatory or executive requirement
  • 22. 22 IBM Security Verifying the report summary
  • 23. 23 IBM Security Viewing the generated report
  • 24. 24 IBM Security Best practices when creating reports • For comparison and review, present network traffic charts and event tables together • Consider the purpose of the report and choose the least number of page containers that is necessary to communicate the data • Do not choose a small page division for a graph that might contain a large number of objects • Executive summary reports use one-page or two-page divisions to simplify the report focus
  • 25. 25 IBM Security Best practice reports for Compliancy purposes • Usage of Service accounts • Usage of privileged user accounts • Account management actions: Creation, deletion, modification • Authorized access to sensitive data • Audit modification actions • Log collection completion • User authentications • Software and machine patch management
  • 26. 26 IBM Security Best practice reports for Monitoring purposes • Behavioral change in Service account authentication or usage • Unauthorized acces to sensitive data • Behavioral change in access to sensitive data • Change in machine network behaviour • Audit trail clearance • Log collection failures • Virus checker alerts • Endpoint management alerts • Critical resource patch failure
  • 27. ibm.com/security securityintelligence.com xforce.ibmcloud.com @ibmsecurity youtube/user/ibmsecuritysolutions © Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party. FOLLOW US ON: THANK YOU