SlideShare a Scribd company logo
IBM Security
QRadar SIEM Foundations
User Interface and Dashboard
2 IBM Security
QRadar SIEM tabs
Use tabs to navigate the primary QRadar SIEM functions
• Dashboard: The initial summary view
• Offenses: Displays offenses; list of prioritized incidents
• Log Activity: Query and display events
• Network Activity: Query and display flows
• Assets: Query and display information about systems in your network
• Reports: Create templates and generate reports
• Admin: Administrative system management
• Other Tabs – Vulnerability Management Risk Management, Incident Forensics
(Requires Additional License), Apps installed from the App Exchange
3 IBM Security
Other menu options
The dashboard has the following additional menu options
• User Preferences
• Help
• Log out
4 IBM Security
Accessing help
© COPYRIGHT IBM CORPORATION 2017
Question mark icon:
Open context-
sensitive help for the
currently displayed
feature in a new
browser window.
The browser does not
require internet
access because the
Console appliance
provides the context-
sensitive help
QRadar Help Contents:
Open the IBM Knowledge Center in a new
browser tab. The browser requires internet
access
4
5 IBM Security
Dashboard overview
• QRadar SIEM shows the Dashboard tab when you log in
• Several default dashboards are available
• You can create multiple dashboards
• Each dashboard can contain items that provide summary and detailed information
• You can create custom dashboards to focus on your security or operations
responsibilities
• Each dashboard is associated with a user; changes that you make to a dashboard
do not affect the dashboards of other users
6 IBM Security
Dashboard tab
The Dashboard
tab displays
Dashboard
items.
6
7 IBM Security
New Dashboard:
Create a new empty
dashboard
Dashboards
̶ Dashboards are like a canvas for dashboard items
̶ You can create custom dashboards to focus on your security or operations responsibilities
̶ Each dashboard is associated with a user; changes that you make to a dashboard do not
affect the dashboards of other users
© COPYRIGHT IBM CORPORATION 2017
Rename Dashboard:
Rename the currently
selected dashboard
Delete Dashboard:
Delete the currently
selected dashboard
Show Dashboard:
Select a dashboard to
display its items
7
8 IBM Security
Adding a saved search as a dashboard item
• You can only add a saved search, that has a grouping, as a dashboard item
• More than 15 items on a dashboard can negatively impact performance
© COPYRIGHT IBM CORPORATION 2017
8
9 IBM Security
Adding a saved search as a dashboard item (continued)
You can add searches with a grouping that you created yourself
© COPYRIGHT IBM CORPORATION 2017
9
10 IBM Security
Adding a saved search as a dashboard item (continued)
• Items are added at the bottom of dashboards
• Press the header of an item to move it
© COPYRIGHT IBM CORPORATION 2017
10
11 IBM Security
Enabling a search to be used as a dashboard item
© COPYRIGHT IBM CORPORATION 2017
Include in my Dashboard:
Add the search to the Add
item drop-down list on the
Dashboard tab
11
Data Sources
13 IBM Security
Collecting data: Data sources
Use the Data Sources tools to manage event, flow, and vulnerability data.
14 IBM Security
Log sources through traffic analysis
QRadar SIEM can automatically discover log sources in your deployment that send syslog-only
messages to an Event Collector IP address.
15 IBM Security
Adding log sources (1/2)
To add a log source:
1.In the Data Sources window, click the
Log Sources icon.
2.Click the Add icon on the upper-right
side of the window.
3.Select and complete the associated
fields in the Add a log source pane.
4.Click Save.
5.Deploy the change.
16 IBM Security
Adding log sources (2/2)
Because it is dependent on the
Log Source Type selected, the
Add a log source pane expands
to reflect the specific Type
parameters and values used in
QRadar SIEM.
17 IBM Security
Adding log source extensions
• Log source extensions immediately extend the parsing routines of specific devices.
• Note: You must use a log source extension to detect an event that has missing or incorrect
fields.
• A log source extension can also parse an event when the DSM it is attached to fails to produce
a result.
• You must create the extension document before you can define a log source extension within
QRadar SIEM.
• If you use the DSM Editor tool, Log Source Extensions are automatically created and uploaded
(recommended)
18 IBM Security
Log source parsing order
• You can configure the order that you want each Event Collector in your
deployment to use to apply DSMs to log sources.
• If a log source has multiple Log Source Types under the same
IP address or host name, you can order the importance of these incoming log
source events by defining the parsing order.
19 IBM Security
Other Supported Formats
• Universal CEF
̶ Accepts events from any device that produces events in the Common Event Format (CEF)
from Syslog or Log File
• Universal LEEF
̶ Accept events from devices that produce events using the Log Event Extended Format
(LEEF) from Syslog of Log File
̶ Proprietary event format, which allows hardware manufacturers and software product
manufacturers to read and map device events specifically designed for QRadar integration
̶ Both Universal CEF and LEEF events must be mapped. They do not contain QID (Qradar
Identifier) to categorize events
20 IBM Security
Managing flow sources
• QRadar SIEM accepts external flow data from various sources such as the following
accounting technologies:
̶ NetFlow: Protocol defined by Cisco to share accounting information from switches and
routers
̶ IPFIX: Protocol defined by IETF to share accounting information from switches and routers
(NetFlow V9 resembles IPFIX)
̶ sFlow: Advanced packet sampling technique and protocol used for network monitoring
̶ J-Flow: Packet sampling technique and protocol developed by Juniper
̶ Packeteer: Protocol developed by Bluecoat that is used for bandwidth management
̶ Flowlog file: A flow log file as stored in the Ariel data structure
• QRadar SIEM accepts internal flow data from the NICs using qFlow, Napatech, and
Endace.
21 IBM Security
Adding a flow source
• QRadar SIEM automatically adds default flow sources for physical ports on the appliance and
includes a default NetFlow flow source.
• In the Data Sources window, click the Flow Sources icon.
Click Save
and then
Deploy
Changes.
Click Add.
Source File Path: Enter the
location of the flow file.
Flow Source Type:
Select a Flow Source
Type.
22 IBM Security
Adding a flow source with asymmetric routing
In some networks, traffic is configured to take different paths for inbound and outbound traffic.
QRadar can combine the traffic into a single flow.
Choose a Flow
Source Type.
Click Enable
Asymmetric Flows.
Complete these
fields.
Click Save and
then Deploy
Changes.
23 IBM Security
Flow source aliases
• You can configure a virtual name (or alias) for
flow sources.
• Using the source IP address and virtual name, you can identify multiple sources being sent to
the same QRadar QFlow Collector.
• QRadar QFlow Collector can use an alias to uniquely identify and process data sources being
sent to the same port.
Note: Use the Deployment Actions in System and License Management to configure the QRadar
QFlow Collector to automatically detect flow-source aliases.
24 IBM Security
Adding a flow source alias
To add a flow source alias:
1.Click the Admin tab.
2.Click the Flow Aliases icon.
Click Add.
IP: Type the IP address of
the flow source alias.
Name: Type a unique name for
the flow source alias.
Click Save and
then Deploy
Changes.
ibm.com/security
securityintelligence.com
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind,
express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products
and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service
marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your
enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others.
No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems,
products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products
or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
FOLLOW US ON:
THANK YOU

More Related Content

Similar to User Interface and Data Sources.pdf

4 florin coada - dast automation, more value for less work
4   florin coada - dast automation, more value for less work4   florin coada - dast automation, more value for less work
4 florin coada - dast automation, more value for less work
Ievgenii Katsan
 
Windows Debugging Tools - JavaOne 2013
Windows Debugging Tools - JavaOne 2013Windows Debugging Tools - JavaOne 2013
Windows Debugging Tools - JavaOne 2013
MattKilner
 
Cutting Through the Software License Jungle: Stay Safe and Control Costs
Cutting Through the Software License Jungle: Stay Safe and Control CostsCutting Through the Software License Jungle: Stay Safe and Control Costs
Cutting Through the Software License Jungle: Stay Safe and Control Costs
IBM Security
 
IBM SmartCloud Entry
IBM SmartCloud EntryIBM SmartCloud Entry
IBM SmartCloud Entry
IBM India Smarter Computing
 
Monitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityMonitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and Security
Precisely
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future
IBM
 
360-Degree View of IT Infrastructure with IT Operations Analytics
360-Degree View of IT Infrastructure with IT Operations Analytics360-Degree View of IT Infrastructure with IT Operations Analytics
360-Degree View of IT Infrastructure with IT Operations Analytics
Precisely
 
SHARE2016: DevOps - IIB Administration for Continuous Delivery and DevOps
SHARE2016:  DevOps - IIB Administration for Continuous Delivery and DevOpsSHARE2016:  DevOps - IIB Administration for Continuous Delivery and DevOps
SHARE2016: DevOps - IIB Administration for Continuous Delivery and DevOps
Rob Convery
 
S104877 cdm-data-reuse-jburg-v1809d
S104877 cdm-data-reuse-jburg-v1809dS104877 cdm-data-reuse-jburg-v1809d
S104877 cdm-data-reuse-jburg-v1809d
Tony Pearson
 
S104875 nightmares-dreams-spectrum-control-jburg-v1809h
S104875 nightmares-dreams-spectrum-control-jburg-v1809hS104875 nightmares-dreams-spectrum-control-jburg-v1809h
S104875 nightmares-dreams-spectrum-control-jburg-v1809h
Tony Pearson
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and Data
Precisely
 
ENT305 Compliance and Cloud Security for Regulated Industries
ENT305 Compliance and Cloud Security for Regulated IndustriesENT305 Compliance and Cloud Security for Regulated Industries
ENT305 Compliance and Cloud Security for Regulated Industries
Amazon Web Services
 
WebSphere 6.1 admin Course 3
WebSphere 6.1 admin Course 3WebSphere 6.1 admin Course 3
WebSphere 6.1 admin Course 3
odedns
 
Combatting Intruders on IBM i with IDS
Combatting Intruders on IBM i with IDSCombatting Intruders on IBM i with IDS
Combatting Intruders on IBM i with IDS
HelpSystems
 
SIEM - Your Complete IT Security Arsenal
SIEM - Your Complete IT Security ArsenalSIEM - Your Complete IT Security Arsenal
SIEM - Your Complete IT Security Arsenal
ManageEngine EventLog Analyzer
 
Bluemix Local – Relay Options and Challenges
Bluemix Local – Relay Options and Challenges Bluemix Local – Relay Options and Challenges
Bluemix Local – Relay Options and Challenges
Eduardo Patrocinio
 
Effective Security Monitoring for IBM i: What You Need to Know
Effective Security Monitoring for IBM i: What You Need to KnowEffective Security Monitoring for IBM i: What You Need to Know
Effective Security Monitoring for IBM i: What You Need to Know
Precisely
 
Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOps
IBM Security
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and Data
Precisely
 
Government Agencies Using Splunk: Is Your Critical Data Missing?
Government Agencies Using Splunk: Is Your Critical Data Missing?Government Agencies Using Splunk: Is Your Critical Data Missing?
Government Agencies Using Splunk: Is Your Critical Data Missing?
Precisely
 

Similar to User Interface and Data Sources.pdf (20)

4 florin coada - dast automation, more value for less work
4   florin coada - dast automation, more value for less work4   florin coada - dast automation, more value for less work
4 florin coada - dast automation, more value for less work
 
Windows Debugging Tools - JavaOne 2013
Windows Debugging Tools - JavaOne 2013Windows Debugging Tools - JavaOne 2013
Windows Debugging Tools - JavaOne 2013
 
Cutting Through the Software License Jungle: Stay Safe and Control Costs
Cutting Through the Software License Jungle: Stay Safe and Control CostsCutting Through the Software License Jungle: Stay Safe and Control Costs
Cutting Through the Software License Jungle: Stay Safe and Control Costs
 
IBM SmartCloud Entry
IBM SmartCloud EntryIBM SmartCloud Entry
IBM SmartCloud Entry
 
Monitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityMonitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and Security
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future
 
360-Degree View of IT Infrastructure with IT Operations Analytics
360-Degree View of IT Infrastructure with IT Operations Analytics360-Degree View of IT Infrastructure with IT Operations Analytics
360-Degree View of IT Infrastructure with IT Operations Analytics
 
SHARE2016: DevOps - IIB Administration for Continuous Delivery and DevOps
SHARE2016:  DevOps - IIB Administration for Continuous Delivery and DevOpsSHARE2016:  DevOps - IIB Administration for Continuous Delivery and DevOps
SHARE2016: DevOps - IIB Administration for Continuous Delivery and DevOps
 
S104877 cdm-data-reuse-jburg-v1809d
S104877 cdm-data-reuse-jburg-v1809dS104877 cdm-data-reuse-jburg-v1809d
S104877 cdm-data-reuse-jburg-v1809d
 
S104875 nightmares-dreams-spectrum-control-jburg-v1809h
S104875 nightmares-dreams-spectrum-control-jburg-v1809hS104875 nightmares-dreams-spectrum-control-jburg-v1809h
S104875 nightmares-dreams-spectrum-control-jburg-v1809h
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and Data
 
ENT305 Compliance and Cloud Security for Regulated Industries
ENT305 Compliance and Cloud Security for Regulated IndustriesENT305 Compliance and Cloud Security for Regulated Industries
ENT305 Compliance and Cloud Security for Regulated Industries
 
WebSphere 6.1 admin Course 3
WebSphere 6.1 admin Course 3WebSphere 6.1 admin Course 3
WebSphere 6.1 admin Course 3
 
Combatting Intruders on IBM i with IDS
Combatting Intruders on IBM i with IDSCombatting Intruders on IBM i with IDS
Combatting Intruders on IBM i with IDS
 
SIEM - Your Complete IT Security Arsenal
SIEM - Your Complete IT Security ArsenalSIEM - Your Complete IT Security Arsenal
SIEM - Your Complete IT Security Arsenal
 
Bluemix Local – Relay Options and Challenges
Bluemix Local – Relay Options and Challenges Bluemix Local – Relay Options and Challenges
Bluemix Local – Relay Options and Challenges
 
Effective Security Monitoring for IBM i: What You Need to Know
Effective Security Monitoring for IBM i: What You Need to KnowEffective Security Monitoring for IBM i: What You Need to Know
Effective Security Monitoring for IBM i: What You Need to Know
 
Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOps
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and Data
 
Government Agencies Using Splunk: Is Your Critical Data Missing?
Government Agencies Using Splunk: Is Your Critical Data Missing?Government Agencies Using Splunk: Is Your Critical Data Missing?
Government Agencies Using Splunk: Is Your Critical Data Missing?
 

More from PencilData

Sun硬件产品介绍
Sun硬件产品介绍Sun硬件产品介绍
Sun硬件产品介绍
PencilData
 
Sun-Product-line-Update-V2.pdf
Sun-Product-line-Update-V2.pdfSun-Product-line-Update-V2.pdf
Sun-Product-line-Update-V2.pdf
PencilData
 
SUN+Oracle存储产品介绍
SUN+Oracle存储产品介绍SUN+Oracle存储产品介绍
SUN+Oracle存储产品介绍
PencilData
 
SUN主机产品介绍.ppt
SUN主机产品介绍.pptSUN主机产品介绍.ppt
SUN主机产品介绍.ppt
PencilData
 
Sun全线硬件产品.ppt
Sun全线硬件产品.pptSun全线硬件产品.ppt
Sun全线硬件产品.ppt
PencilData
 
QRadar Architecture.pdf
QRadar Architecture.pdfQRadar Architecture.pdf
QRadar Architecture.pdf
PencilData
 
Introduction to QRadar
Introduction to QRadarIntroduction to QRadar
Introduction to QRadar
PencilData
 

More from PencilData (7)

Sun硬件产品介绍
Sun硬件产品介绍Sun硬件产品介绍
Sun硬件产品介绍
 
Sun-Product-line-Update-V2.pdf
Sun-Product-line-Update-V2.pdfSun-Product-line-Update-V2.pdf
Sun-Product-line-Update-V2.pdf
 
SUN+Oracle存储产品介绍
SUN+Oracle存储产品介绍SUN+Oracle存储产品介绍
SUN+Oracle存储产品介绍
 
SUN主机产品介绍.ppt
SUN主机产品介绍.pptSUN主机产品介绍.ppt
SUN主机产品介绍.ppt
 
Sun全线硬件产品.ppt
Sun全线硬件产品.pptSun全线硬件产品.ppt
Sun全线硬件产品.ppt
 
QRadar Architecture.pdf
QRadar Architecture.pdfQRadar Architecture.pdf
QRadar Architecture.pdf
 
Introduction to QRadar
Introduction to QRadarIntroduction to QRadar
Introduction to QRadar
 

Recently uploaded

Private Girls Call Navi Mumbai 🛵🚡9820252231 💃 Choose Best And Top Girl Servic...
Private Girls Call Navi Mumbai 🛵🚡9820252231 💃 Choose Best And Top Girl Servic...Private Girls Call Navi Mumbai 🛵🚡9820252231 💃 Choose Best And Top Girl Servic...
Private Girls Call Navi Mumbai 🛵🚡9820252231 💃 Choose Best And Top Girl Servic...
902basic
 
Fantastic Design Patterns and Where to use them No Notes.pdf
Fantastic Design Patterns and Where to use them No Notes.pdfFantastic Design Patterns and Where to use them No Notes.pdf
Fantastic Design Patterns and Where to use them No Notes.pdf
6m9p7qnjj8
 
AI - Your Startup Sidekick (Leveraging AI to Bootstrap a Lean Startup).pdf
AI - Your Startup Sidekick (Leveraging AI to Bootstrap a Lean Startup).pdfAI - Your Startup Sidekick (Leveraging AI to Bootstrap a Lean Startup).pdf
AI - Your Startup Sidekick (Leveraging AI to Bootstrap a Lean Startup).pdf
Daniel Zivkovic
 
Celebrity Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Servic...
Celebrity Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Servic...Celebrity Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Servic...
Celebrity Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Servic...
45unexpected
 
Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...
Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...
Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...
rachitkumar09887
 
TEQnation 2024: Sustainable Software: May the Green Code Be with You
TEQnation 2024: Sustainable Software: May the Green Code Be with YouTEQnation 2024: Sustainable Software: May the Green Code Be with You
TEQnation 2024: Sustainable Software: May the Green Code Be with You
marcofolio
 
Fix Production Bugs Quickly - The Power of Structured Logging in Ruby on Rail...
Fix Production Bugs Quickly - The Power of Structured Logging in Ruby on Rail...Fix Production Bugs Quickly - The Power of Structured Logging in Ruby on Rail...
Fix Production Bugs Quickly - The Power of Structured Logging in Ruby on Rail...
John Gallagher
 
06. Ruby Array & Hash - Ruby Core Teaching
06. Ruby Array & Hash - Ruby Core Teaching06. Ruby Array & Hash - Ruby Core Teaching
06. Ruby Array & Hash - Ruby Core Teaching
quanhoangd129
 
DSD-INT 2024 Rainfall nowcasting – now and then - Uijlenhoet
DSD-INT 2024 Rainfall nowcasting – now and then - UijlenhoetDSD-INT 2024 Rainfall nowcasting – now and then - Uijlenhoet
DSD-INT 2024 Rainfall nowcasting – now and then - Uijlenhoet
Deltares
 
PathSpotter: Exploring Tested Paths to Discover Missing Tests (FSE 2024)
PathSpotter: Exploring Tested Paths to Discover Missing Tests (FSE 2024)PathSpotter: Exploring Tested Paths to Discover Missing Tests (FSE 2024)
PathSpotter: Exploring Tested Paths to Discover Missing Tests (FSE 2024)
andrehoraa
 
Busty Girls Call Mumbai 9930245274 Unlimited Short Providing Girls Service Av...
Busty Girls Call Mumbai 9930245274 Unlimited Short Providing Girls Service Av...Busty Girls Call Mumbai 9930245274 Unlimited Short Providing Girls Service Av...
Busty Girls Call Mumbai 9930245274 Unlimited Short Providing Girls Service Av...
revolutionary575
 
Authentication Review-June -2024 AP & TS.pptx
Authentication Review-June -2024 AP & TS.pptxAuthentication Review-June -2024 AP & TS.pptx
Authentication Review-June -2024 AP & TS.pptx
DEMONDUOS
 
Verified Girls Call Mumbai 👀 9820252231 👀 Cash Payment With Room DeliveryDeli...
Verified Girls Call Mumbai 👀 9820252231 👀 Cash Payment With Room DeliveryDeli...Verified Girls Call Mumbai 👀 9820252231 👀 Cash Payment With Room DeliveryDeli...
Verified Girls Call Mumbai 👀 9820252231 👀 Cash Payment With Room DeliveryDeli...
87tomato
 
How To Fill Timesheet in TaskSprint: Quick Guide 2024
How To Fill Timesheet in TaskSprint: Quick Guide 2024How To Fill Timesheet in TaskSprint: Quick Guide 2024
How To Fill Timesheet in TaskSprint: Quick Guide 2024
TaskSprint | Employee Efficiency Software
 
04. Ruby Operators Slides - Ruby Core Teaching
04. Ruby Operators Slides - Ruby Core Teaching04. Ruby Operators Slides - Ruby Core Teaching
04. Ruby Operators Slides - Ruby Core Teaching
quanhoangd129
 
Applitools Autonomous 2.0 Sneak Peek.pdf
Applitools Autonomous 2.0 Sneak Peek.pdfApplitools Autonomous 2.0 Sneak Peek.pdf
Applitools Autonomous 2.0 Sneak Peek.pdf
Applitools
 
Celebrity Girls Call Mumbai 🛵🚡9910780858 💃 Choose Best And Top Girl Service A...
Celebrity Girls Call Mumbai 🛵🚡9910780858 💃 Choose Best And Top Girl Service A...Celebrity Girls Call Mumbai 🛵🚡9910780858 💃 Choose Best And Top Girl Service A...
Celebrity Girls Call Mumbai 🛵🚡9910780858 💃 Choose Best And Top Girl Service A...
norina2645
 
Amadeus Travel API, Amadeus Booking API, Amadeus GDS
Amadeus Travel API, Amadeus Booking API, Amadeus GDSAmadeus Travel API, Amadeus Booking API, Amadeus GDS
Amadeus Travel API, Amadeus Booking API, Amadeus GDS
aadhiyaeliza
 
ERP Software Solutions Provider in Coimbatore
ERP Software Solutions Provider in CoimbatoreERP Software Solutions Provider in Coimbatore
ERP Software Solutions Provider in Coimbatore
Nextskill Technologies
 
01. Ruby Introduction - Ruby Core Teaching
01. Ruby Introduction - Ruby Core Teaching01. Ruby Introduction - Ruby Core Teaching
01. Ruby Introduction - Ruby Core Teaching
quanhoangd129
 

Recently uploaded (20)

Private Girls Call Navi Mumbai 🛵🚡9820252231 💃 Choose Best And Top Girl Servic...
Private Girls Call Navi Mumbai 🛵🚡9820252231 💃 Choose Best And Top Girl Servic...Private Girls Call Navi Mumbai 🛵🚡9820252231 💃 Choose Best And Top Girl Servic...
Private Girls Call Navi Mumbai 🛵🚡9820252231 💃 Choose Best And Top Girl Servic...
 
Fantastic Design Patterns and Where to use them No Notes.pdf
Fantastic Design Patterns and Where to use them No Notes.pdfFantastic Design Patterns and Where to use them No Notes.pdf
Fantastic Design Patterns and Where to use them No Notes.pdf
 
AI - Your Startup Sidekick (Leveraging AI to Bootstrap a Lean Startup).pdf
AI - Your Startup Sidekick (Leveraging AI to Bootstrap a Lean Startup).pdfAI - Your Startup Sidekick (Leveraging AI to Bootstrap a Lean Startup).pdf
AI - Your Startup Sidekick (Leveraging AI to Bootstrap a Lean Startup).pdf
 
Celebrity Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Servic...
Celebrity Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Servic...Celebrity Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Servic...
Celebrity Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Servic...
 
Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...
Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...
Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...
 
TEQnation 2024: Sustainable Software: May the Green Code Be with You
TEQnation 2024: Sustainable Software: May the Green Code Be with YouTEQnation 2024: Sustainable Software: May the Green Code Be with You
TEQnation 2024: Sustainable Software: May the Green Code Be with You
 
Fix Production Bugs Quickly - The Power of Structured Logging in Ruby on Rail...
Fix Production Bugs Quickly - The Power of Structured Logging in Ruby on Rail...Fix Production Bugs Quickly - The Power of Structured Logging in Ruby on Rail...
Fix Production Bugs Quickly - The Power of Structured Logging in Ruby on Rail...
 
06. Ruby Array & Hash - Ruby Core Teaching
06. Ruby Array & Hash - Ruby Core Teaching06. Ruby Array & Hash - Ruby Core Teaching
06. Ruby Array & Hash - Ruby Core Teaching
 
DSD-INT 2024 Rainfall nowcasting – now and then - Uijlenhoet
DSD-INT 2024 Rainfall nowcasting – now and then - UijlenhoetDSD-INT 2024 Rainfall nowcasting – now and then - Uijlenhoet
DSD-INT 2024 Rainfall nowcasting – now and then - Uijlenhoet
 
PathSpotter: Exploring Tested Paths to Discover Missing Tests (FSE 2024)
PathSpotter: Exploring Tested Paths to Discover Missing Tests (FSE 2024)PathSpotter: Exploring Tested Paths to Discover Missing Tests (FSE 2024)
PathSpotter: Exploring Tested Paths to Discover Missing Tests (FSE 2024)
 
Busty Girls Call Mumbai 9930245274 Unlimited Short Providing Girls Service Av...
Busty Girls Call Mumbai 9930245274 Unlimited Short Providing Girls Service Av...Busty Girls Call Mumbai 9930245274 Unlimited Short Providing Girls Service Av...
Busty Girls Call Mumbai 9930245274 Unlimited Short Providing Girls Service Av...
 
Authentication Review-June -2024 AP & TS.pptx
Authentication Review-June -2024 AP & TS.pptxAuthentication Review-June -2024 AP & TS.pptx
Authentication Review-June -2024 AP & TS.pptx
 
Verified Girls Call Mumbai 👀 9820252231 👀 Cash Payment With Room DeliveryDeli...
Verified Girls Call Mumbai 👀 9820252231 👀 Cash Payment With Room DeliveryDeli...Verified Girls Call Mumbai 👀 9820252231 👀 Cash Payment With Room DeliveryDeli...
Verified Girls Call Mumbai 👀 9820252231 👀 Cash Payment With Room DeliveryDeli...
 
How To Fill Timesheet in TaskSprint: Quick Guide 2024
How To Fill Timesheet in TaskSprint: Quick Guide 2024How To Fill Timesheet in TaskSprint: Quick Guide 2024
How To Fill Timesheet in TaskSprint: Quick Guide 2024
 
04. Ruby Operators Slides - Ruby Core Teaching
04. Ruby Operators Slides - Ruby Core Teaching04. Ruby Operators Slides - Ruby Core Teaching
04. Ruby Operators Slides - Ruby Core Teaching
 
Applitools Autonomous 2.0 Sneak Peek.pdf
Applitools Autonomous 2.0 Sneak Peek.pdfApplitools Autonomous 2.0 Sneak Peek.pdf
Applitools Autonomous 2.0 Sneak Peek.pdf
 
Celebrity Girls Call Mumbai 🛵🚡9910780858 💃 Choose Best And Top Girl Service A...
Celebrity Girls Call Mumbai 🛵🚡9910780858 💃 Choose Best And Top Girl Service A...Celebrity Girls Call Mumbai 🛵🚡9910780858 💃 Choose Best And Top Girl Service A...
Celebrity Girls Call Mumbai 🛵🚡9910780858 💃 Choose Best And Top Girl Service A...
 
Amadeus Travel API, Amadeus Booking API, Amadeus GDS
Amadeus Travel API, Amadeus Booking API, Amadeus GDSAmadeus Travel API, Amadeus Booking API, Amadeus GDS
Amadeus Travel API, Amadeus Booking API, Amadeus GDS
 
ERP Software Solutions Provider in Coimbatore
ERP Software Solutions Provider in CoimbatoreERP Software Solutions Provider in Coimbatore
ERP Software Solutions Provider in Coimbatore
 
01. Ruby Introduction - Ruby Core Teaching
01. Ruby Introduction - Ruby Core Teaching01. Ruby Introduction - Ruby Core Teaching
01. Ruby Introduction - Ruby Core Teaching
 

User Interface and Data Sources.pdf

  • 1. IBM Security QRadar SIEM Foundations User Interface and Dashboard
  • 2. 2 IBM Security QRadar SIEM tabs Use tabs to navigate the primary QRadar SIEM functions • Dashboard: The initial summary view • Offenses: Displays offenses; list of prioritized incidents • Log Activity: Query and display events • Network Activity: Query and display flows • Assets: Query and display information about systems in your network • Reports: Create templates and generate reports • Admin: Administrative system management • Other Tabs – Vulnerability Management Risk Management, Incident Forensics (Requires Additional License), Apps installed from the App Exchange
  • 3. 3 IBM Security Other menu options The dashboard has the following additional menu options • User Preferences • Help • Log out
  • 4. 4 IBM Security Accessing help © COPYRIGHT IBM CORPORATION 2017 Question mark icon: Open context- sensitive help for the currently displayed feature in a new browser window. The browser does not require internet access because the Console appliance provides the context- sensitive help QRadar Help Contents: Open the IBM Knowledge Center in a new browser tab. The browser requires internet access 4
  • 5. 5 IBM Security Dashboard overview • QRadar SIEM shows the Dashboard tab when you log in • Several default dashboards are available • You can create multiple dashboards • Each dashboard can contain items that provide summary and detailed information • You can create custom dashboards to focus on your security or operations responsibilities • Each dashboard is associated with a user; changes that you make to a dashboard do not affect the dashboards of other users
  • 6. 6 IBM Security Dashboard tab The Dashboard tab displays Dashboard items. 6
  • 7. 7 IBM Security New Dashboard: Create a new empty dashboard Dashboards ̶ Dashboards are like a canvas for dashboard items ̶ You can create custom dashboards to focus on your security or operations responsibilities ̶ Each dashboard is associated with a user; changes that you make to a dashboard do not affect the dashboards of other users © COPYRIGHT IBM CORPORATION 2017 Rename Dashboard: Rename the currently selected dashboard Delete Dashboard: Delete the currently selected dashboard Show Dashboard: Select a dashboard to display its items 7
  • 8. 8 IBM Security Adding a saved search as a dashboard item • You can only add a saved search, that has a grouping, as a dashboard item • More than 15 items on a dashboard can negatively impact performance © COPYRIGHT IBM CORPORATION 2017 8
  • 9. 9 IBM Security Adding a saved search as a dashboard item (continued) You can add searches with a grouping that you created yourself © COPYRIGHT IBM CORPORATION 2017 9
  • 10. 10 IBM Security Adding a saved search as a dashboard item (continued) • Items are added at the bottom of dashboards • Press the header of an item to move it © COPYRIGHT IBM CORPORATION 2017 10
  • 11. 11 IBM Security Enabling a search to be used as a dashboard item © COPYRIGHT IBM CORPORATION 2017 Include in my Dashboard: Add the search to the Add item drop-down list on the Dashboard tab 11
  • 13. 13 IBM Security Collecting data: Data sources Use the Data Sources tools to manage event, flow, and vulnerability data.
  • 14. 14 IBM Security Log sources through traffic analysis QRadar SIEM can automatically discover log sources in your deployment that send syslog-only messages to an Event Collector IP address.
  • 15. 15 IBM Security Adding log sources (1/2) To add a log source: 1.In the Data Sources window, click the Log Sources icon. 2.Click the Add icon on the upper-right side of the window. 3.Select and complete the associated fields in the Add a log source pane. 4.Click Save. 5.Deploy the change.
  • 16. 16 IBM Security Adding log sources (2/2) Because it is dependent on the Log Source Type selected, the Add a log source pane expands to reflect the specific Type parameters and values used in QRadar SIEM.
  • 17. 17 IBM Security Adding log source extensions • Log source extensions immediately extend the parsing routines of specific devices. • Note: You must use a log source extension to detect an event that has missing or incorrect fields. • A log source extension can also parse an event when the DSM it is attached to fails to produce a result. • You must create the extension document before you can define a log source extension within QRadar SIEM. • If you use the DSM Editor tool, Log Source Extensions are automatically created and uploaded (recommended)
  • 18. 18 IBM Security Log source parsing order • You can configure the order that you want each Event Collector in your deployment to use to apply DSMs to log sources. • If a log source has multiple Log Source Types under the same IP address or host name, you can order the importance of these incoming log source events by defining the parsing order.
  • 19. 19 IBM Security Other Supported Formats • Universal CEF ̶ Accepts events from any device that produces events in the Common Event Format (CEF) from Syslog or Log File • Universal LEEF ̶ Accept events from devices that produce events using the Log Event Extended Format (LEEF) from Syslog of Log File ̶ Proprietary event format, which allows hardware manufacturers and software product manufacturers to read and map device events specifically designed for QRadar integration ̶ Both Universal CEF and LEEF events must be mapped. They do not contain QID (Qradar Identifier) to categorize events
  • 20. 20 IBM Security Managing flow sources • QRadar SIEM accepts external flow data from various sources such as the following accounting technologies: ̶ NetFlow: Protocol defined by Cisco to share accounting information from switches and routers ̶ IPFIX: Protocol defined by IETF to share accounting information from switches and routers (NetFlow V9 resembles IPFIX) ̶ sFlow: Advanced packet sampling technique and protocol used for network monitoring ̶ J-Flow: Packet sampling technique and protocol developed by Juniper ̶ Packeteer: Protocol developed by Bluecoat that is used for bandwidth management ̶ Flowlog file: A flow log file as stored in the Ariel data structure • QRadar SIEM accepts internal flow data from the NICs using qFlow, Napatech, and Endace.
  • 21. 21 IBM Security Adding a flow source • QRadar SIEM automatically adds default flow sources for physical ports on the appliance and includes a default NetFlow flow source. • In the Data Sources window, click the Flow Sources icon. Click Save and then Deploy Changes. Click Add. Source File Path: Enter the location of the flow file. Flow Source Type: Select a Flow Source Type.
  • 22. 22 IBM Security Adding a flow source with asymmetric routing In some networks, traffic is configured to take different paths for inbound and outbound traffic. QRadar can combine the traffic into a single flow. Choose a Flow Source Type. Click Enable Asymmetric Flows. Complete these fields. Click Save and then Deploy Changes.
  • 23. 23 IBM Security Flow source aliases • You can configure a virtual name (or alias) for flow sources. • Using the source IP address and virtual name, you can identify multiple sources being sent to the same QRadar QFlow Collector. • QRadar QFlow Collector can use an alias to uniquely identify and process data sources being sent to the same port. Note: Use the Deployment Actions in System and License Management to configure the QRadar QFlow Collector to automatically detect flow-source aliases.
  • 24. 24 IBM Security Adding a flow source alias To add a flow source alias: 1.Click the Admin tab. 2.Click the Flow Aliases icon. Click Add. IP: Type the IP address of the flow source alias. Name: Type a unique name for the flow source alias. Click Save and then Deploy Changes.
  • 25. ibm.com/security securityintelligence.com xforce.ibmcloud.com @ibmsecurity youtube/user/ibmsecuritysolutions © Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party. FOLLOW US ON: THANK YOU