IBM QRadar Xforce


An overview of QRadar, the SIEM tool from IBM, and its main features.

Published in: Education, Technology

  1. Introduction (latest version is 7.2, build number 636622). Requirements:
     - QRadar is software installed on RHEL6
     - PostgreSQL
     - Ariel database
     (K Siva Sreenivasulu, FixNix InfoSec Solutions)
  2. History
     - QRadar was developed over the years by a company called Q1 Labs, which was acquired by IBM in 2012.
     - IBM placed QRadar within its IBM Security Systems division, which covers all security-related issues, so QRadar is positioned at the top of IBM's security solution stack.
  3. 'All log data are collected and analyzed by correlation to find potential threats and attacks.'
  4. QRadar's architecture
     - It is based on RHEL6; most of the raw data (events and flows) is stored in the Ariel database.
     - Processed data and configuration are stored in PostgreSQL.
     - The green boxes in the architecture diagram can be called the core: they collect, process and store logs in QRadar.
     - All tasks run on the terminal, and we can also view these tasks through the web console over SSL, working in the graphical interface.
  5. QRadar web console. The first feature is the 'Dashboard'. Based on the collected logs, we can confirm 'which logs were collected most', 'how actions were detected' and 'what kinds of threats exist in our infrastructure'. IBM supplies 5 default dashboards, and we can create new dashboards using only the widgets we want.
  6. Offenses
     - The Offense feature is very important.
     - It shows us threats after analyzing event and flow logs.
     - IBM X-Force research updates the rules that can detect new threats, and users can also write their own rules; the rules feature is widely used.
     - If it is configured correctly, we can confirm and analyze threats without monitoring the UTM, IPS, virus wall, etc. separately.
     - To build an integrated threat-monitoring system, log and flow data are the raw material from which offenses are made.
  7. Log Activity
     - So, are log and flow data used for offenses only?
     - You might think so, but that is wrong.
     - The original purpose of collecting logs is to create offenses, but once collected, the logs can be used in other ways.
     - We can extract meaningful data from them.
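To make the idea behind slides 6 and 7 concrete (correlating raw log data into an offense, and extracting meaningful data from the same logs), here is a small added example. It is not QRadar code and not part of the original deck; the log lines are constructed, the rule name, the 5-in-5-minutes threshold and the parsing are my own assumptions about what a failed-login correlation rule might look like.

```python
"""Minimal SIEM-style correlation over SSH login events.

Added illustration, not QRadar's rule engine: it parses constructed
syslog-like lines, raises an "offense" when one source IP produces too
many failed logins inside a sliding time window, and separately
summarises the same logs (the 'meaningful data' use of Log Activity).
"""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not captured from any real system).
SAMPLE_LOGS = """\
2024-03-01T10:00:01 host1 sshd[2001]: Failed password for root from 10.0.0.5 port 50001 ssh2
2024-03-01T10:00:12 host1 sshd[2002]: Failed password for admin from 10.0.0.5 port 50002 ssh2
2024-03-01T10:00:40 host1 sshd[2003]: Failed password for root from 10.0.0.9 port 50100 ssh2
2024-03-01T10:01:05 host1 sshd[2004]: Failed password for oracle from 10.0.0.5 port 50003 ssh2
2024-03-01T10:01:30 host1 sshd[2005]: Accepted password for alice from 10.0.0.7 port 50200 ssh2
2024-03-01T10:02:10 host1 sshd[2006]: Failed password for root from 10.0.0.5 port 50004 ssh2
2024-03-01T10:02:55 host1 sshd[2007]: Failed password for test from 10.0.0.5 port 50005 ssh2
2024-03-01T10:09:00 host1 sshd[2008]: Failed password for root from 10.0.0.9 port 50101 ssh2
"""

# Assumed line layout: "<iso-timestamp> <host> sshd[pid]: <Failed|Accepted> password for <user> from <ip> ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) "
    r"password for (?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


def parse_events(text):
    """Turn raw lines into normalised event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "time": datetime.fromisoformat(m["ts"]),
            "host": m["host"],
            "outcome": m["outcome"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def correlate_failed_logins(events, threshold=5, window=timedelta(minutes=5)):
    """Return one offense per source IP whose failed logins reach `threshold` within `window`.

    A per-source deque holds the timestamps of recent failures; timestamps older than
    the window are dropped before the count is compared with the threshold.
    """
    recent = defaultdict(deque)
    offenses = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["outcome"] != "Failed":
            continue
        q = recent[ev["src"]]
        q.append(ev["time"])
        while q and ev["time"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and ev["src"] not in offenses:
            offenses[ev["src"]] = {
                "rule": "Multiple failed logins from a single source",  # assumed rule name
                "source_ip": ev["src"],
                "event_count": len(q),
                "first_seen": q[0],
                "last_seen": ev["time"],
            }
    return list(offenses.values())


def top_failed_users(events, n=3):
    """The 'other use' of the logs: which accounts are being targeted most."""
    counts = Counter(ev["user"] for ev in events if ev["outcome"] == "Failed")
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOGS)
    for off in correlate_failed_logins(evs):
        print(f"OFFENSE {off['rule']}: {off['source_ip']} "
              f"({off['event_count']} failures {off['first_seen']} .. {off['last_seen']})")
    print("Most-targeted accounts:", top_failed_users(evs))
```

With the sample data, 10.0.0.5 produces five failures inside five minutes and becomes a single offense; 10.0.0.9 fails twice but more than five minutes apart, so its old failure ages out of the window and no offense is raised. The same parsed events feed the summary of most-targeted accounts, which is the kind of information Log Activity can yield beyond offense generation.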
  8. Network Activity. We can see the real-time flow data in Network Activity.
  9. Most-used network applications: extracting meaningful data from the flows.
  10. Time-series chart for viewing traffic usage.
  11. Assets
     - It finds the list of IPs in the infrastructure, but it cannot learn details such as OS, MAC address or owner name, so you have to fill in the asset details by hand, which is not useful.
     - 'Server Discovery' is a feature in Assets.
     - It can find frequently accessed ports.
     - Before version 7.2, QRadar required a 3rd-party scanner program.
     - When the 3rd-party scanner finds a vulnerability, QRadar uses its results. Open-source 3rd-party scanners: Nmap, Nessus (cts/nessus)
  12. Reports
     - QRadar collects logs and flows, processes the data and gives us useful data.
     - Reports are one kind of useful data in QRadar.
     - Reports can be generated on a schedule, so we can use them for regular reporting.
  13. Admin
     - Here there are many buttons for configuring settings related to users, logs and the system.
     - Finding vulnerabilities, defining dangerous web sites and configuring the data life-cycle are all done here.
     - This concludes the main features of QRadar.