News
Abstract
QRadar Support Newsletter, a wrap-up of activities for January 2018. This newsletter covers QRadar troubleshooting, news, announcements, and how-to articles for IBM QRadar users and administrators.
Content
IBM Security QRadar Community,
Thank you for taking the time to review the QRadar Support Newsletter. The purpose of this newsletter is to provide a summary of activity related to QRadar, support information, news, "how-to" articles, and tips for IBM Security QRadar SIEM and other associated QRadar products directly to QRadar users and administrators. Our goal is to provide knowledge and solutions to help security specialists complete their day-to-day activities.
1. QRadar software release information
Recent QRadar software releases and important information for administrators. For a list of all QRadar software versions and release notes, see: http://ibm.biz/qradarsoftware.
- QRadar Software for 7.2.x
- QRadar 7.2.8 Patch 11 (January 4)
- QRadar Software for 7.3.x
- QRadar 7.3.0 Patch 7 (Dec 13)
- QRadar 7.3.1 (Dec 18)
- QRadar 7.3.1 Patch 1** (Jan 26)
**NOTE: QRadar 7.3.1 Patch 1 resolves an issue for Lenovo M5 x3550 or M5 x3650 appliances where the appliances might randomly reboot due to a Red Hat Kernel defect. This release resolves the APAR on this issue and the associated flash notice was updated. For more information, see: QRadar 7.3.1 issue on Lenovo x3550 M5 and x3650 M5 appliances (Software available).
2. QRadar Open Mic Events Coming Soon
The next two QRadar Open Mic events are announced for February and March. For those who have not attended previously, QRadar Open Mic webcasts consist of a round table of QRadar experts who discuss a topic and take chat questions from the audience. QRadar Open Mic sessions are open to all participants who want to attend and learn more about QRadar. Users who subscribe to the newsletter list will receive an email invitation and a reminder email the day before the event.
- February 27th, 2018
QRadar Support will host a session in February on 'QRadar Cloud Architecture and Event Integrations'. This session will discuss cloud architecture and some of the challenges administrators face when integrating event sources from cloud environments. This panel is hosted by QRadar Support, QRadar Architecture, QRadar Integrations, and the QRadar Client Technical Professional team.
- In March
The QRadar Support Open Mic session will be hosted live from Think in Las Vegas. The topic will be 'Taking Advantage of new QRadar 7.3.1 Features'. This panel consists of members from QRadar Support and QRadar Architecture teams. For more information about IBM Think, see: https://www.ibm.com/events/think/.
3. Windows Protocols and SMBv2 Support
IBM has released QRadar protocol RPMs that support both SMBv1 and SMBv2 to resolve the connection issues related to Microsoft disabling SMBv1 connectivity. This update enhances the existing SMB protocols for QRadar to allow connections that use the SMBv2 file sharing protocol. To enable SMBv2, all five protocol RPMs must be installed in a single command. These protocol updates are not available through QRadar Auto Updates and must be installed manually. For installation instructions and a link to IBM Fix Central, see: QRadar: Microsoft Windows Log Sources and Support for SMBv1 and SMBv2 (Updated).
4. QRadar 7.3.1 Documentation PDFs
The release of QRadar 7.3.1 moved the default documentation PDFs to the QRadar Knowledge Center. Administrators who have updated to QRadar 7.3.1 can bookmark the following links:
- PDF: https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.1/com.ibm.qradar.doc/c_pdf_launch.html
- Online: https://www.ibm.com/support/knowledgecenter/SS42VS_7.3.1
5. QRadar User Groups
IBM is hosting several QRadar User Groups in the first quarter of 2018. The following cities have events coming soon:
- User Group #1
- Location: Omaha, Nebraska
- Date: February 21, 2018
- Registration: https://www.ibm.com/events/wwe/grp/grp304.nsf/Registration.xsp?openform&seminar=F23S3KES
- User Group #2
- Location: Scottsdale, Arizona
- Date: February 26, 2018
- Registration: https://www.ibm.com/events/wwe/grp/grp304.nsf/Registration.xsp?openform&seminar=EQ6PW7ES
- User Group #3
- Location: Ottawa, Canada
- Date: February 26, 2018
- Registration: https://www.ibm.com/events/wwe/grp/grp304.nsf/Registration.xsp?openform&seminar=B3FRMXES
- User Group #4
- Location: Calgary, Canada
- Date: March 1, 2018
- Registration: https://www.ibm.com/events/wwe/grp/grp304.nsf/Registration.xsp?openform&seminar=ABZNWJES
- User Group #5
- Location: Washington, D.C.
- Date: March 13, 2018
- Registration: https://www.ibm.com/events/wwe/grp/grp304.nsf/Registration.xsp?openform&seminar=96FM6YES
6. QRadar Master Console v0.12.0
A new version of the QRadar Master Console software, v0.12.0, is available on IBM Fix Central. It adds the ability to monitor QRadar 7.3.0 / 7.3.1 deployments and introduces extension management. The new extension functionality allows Master Console administrators to take an extension from the IBM App Exchange, upload the zip file, then deploy the app or extension to one or more QRadar Consoles. The Extensions view shows each Console where the app or extension is deployed, which makes management of extensions easier. For more information, see the Master Console documentation.
7. New X-Force & QRadar Functionality: Am I Affected?
The X-Force Exchange 'Am I Affected' option helps users quickly determine whether they are affected by zero-day attacks, such as Petya or WannaCry. The architecture cross-references QRadar log activity to determine whether events and flows are related to any IOCs that are captured within an XFE public or private Collection. Users can assess the impact via graphical and tabular reporting, with quick pivoting back to QRadar. This service is entirely browser-based, so it does not cache QRadar data or send QRadar data to the X-Force Exchange server, and no QRadar data is stored on X-Force Exchange. To enable this integration, QRadar administrators must enter the Console IP address and an authentication token in the X-Force Exchange under Settings > QRadar Integration. The 'Am I Affected' button is free to all QRadar users.
- For a video on this feature, see: Using the X-Force Exchange "Am I Affected" button.
- For more information, see the X-Force Exchange FAQ: https://exchange.xforce.ibmcloud.com/faq#what_is_affected_button.
- To try out this feature in the X-Force Exchange, see: https://exchange.xforce.ibmcloud.com/.
8. QRadar Pulse v2.0 Early Access
A new version of the QRadar Pulse app is available on the IBM App Exchange for administrators on QRadar 7.3.1. The new QRadar Pulse v2.0 application adds new unique dashboards that can be fine-tuned and customized to display in a multi-screen SOC environment. QRadar Pulse v2.0 requires QRadar v7.3.1 to install. For more information, see QRadar Pulse v2.0 on the X-Force App Exchange.
9. User Behavior Analytics v2.5
Administrators should be aware that User Behavior Analytics version 2.5 is now available on the X-Force App Exchange.
This release includes two new features:
- Quickly investigate a user’s anomalous behavior with an inline event viewer to review the events that triggered specific UBA rules and use cases.
- A new in-application 'Help and Support' page provides useful links, tutorials, and support functions.
10. IBM BigFix App for QRadar v2.0
A new BigFix App for QRadar v2.0 is available for administrators. This application includes a number of new features and several enhancements.
- New: Configuration compliance status
- New: On demand malware classification of crypto-hashes through the IBM X-Force Exchange
- New: Trending for Patch, Vulnerability and Compliance status with a selectable time interval
- New: BigFix data refresh on demand
- Enhancement: App configuration and serviceability improvements (features visibility, build number and more)
- Enhancement: Improved performance (8x - 25x in a reference lab environment)
- Enhancement: Support for up to 100k endpoints
11. What's new on the IBM Security App Exchange
New extensions and applications are available on the IBM Security App Exchange for the months of December and January. This list contains all new extensions and applications since the last newsletter was published.
Apps & Extensions
- New: Analyst Custom Searches for QRadar (Dec 12)
- New: Cisco Firepower App for QRadar (Dec 20)
- New: ObserveIT App for QRadar (Dec 22)
- New: IBM Custom Properties for Microsoft Exchange (Jan 12)
- New: IBM QRadar AQL Codec Functions Content Extension (Jan 16)
- New: DeepInstinct Extension for QRadar (Jan 16)
- New: Onapsis Content Pack (Jan 19)
- New: Network Hierarchy Management for QRadar (Jan 19)
- New: MistNet (Jan 24)
- New: Check Point Custom Properties (Jan 25)
- New: Cisco IronPort Custom Properties (Jan 25)
- New: Squid Web Proxy Custom Properties (Jan 25)
- New: McAfee ePolicy Orchestrator Custom Properties (Feb 2)
- Updated: QRadar App Editor v2.0 (Dec 4)
- Updated: QRadar Operations App v1.3 (Dec 6)
- Updated: IBM z/OS Custom Property Extension v1.1.0 (Dec 6)
- Updated: FireEye iSIGHT Intelligence v1.1.0 (Dec 7)
- Updated: QRadar Deployment Intelligence v2.1.2 (Dec 12)
- Updated: QRadar Advisor With Watson v1.9 (Dec 15)
- Updated: PhishMe Intelligence v1.0.4 (Dec 20)
- Updated: QRadar Incident Overview (Jan 16)
- Updated: BluVector Cyber Hunting for IBM QRadar v2.0 (Jan 19)
- Updated: Carbon Black Response App for IBM QRadar v1.3.0 (Jan 19)
- Updated: QRadar Threat Intelligence v1.4.0 (Jan 19)
- Updated: Blue Coat Custom Properties v2.0.0 (Jan 25)
- Updated: Honeycomb SOCAutomation v6.2.2 (Jan 30)
- Updated: User Behavior Analytics for QRadar v2.5.0 (Feb 1)
- Updated: Qualys App for QRadar v1.0.1 (Feb 2)
- Early Access: QRadar Pulse v2.0 - QRadar v7.3.1 only (Jan 24)
- Early Access: QRadar Vulnerability Insights (Jan 30)
- Early Access: IBM Cloud Discovery App for QRadar (Feb 2)
12. Device and integration updates
Here is a list of releases and updates since our last newsletter.
DSMs
- Updated: Cisco Firewall Devices (Jan 29)
- Updated: DSM Common (Jan 29)
- Updated: Microsoft Windows Security Event Log (Jan 29)
- Updated: Pulse Secure Pulse Connect Secure (Jan 11)
- Updated: VMware vCenter (Jan 11)
- Updated: NCC Group DDoS Secure (Jan 11)
- Updated: Palo Alto PA Series (Jan 11)
- Updated: Lieberman Random Password Manager (Jan 11)
- Updated: Fortinet FortiGate Security Gateway (Jan 11)
- Updated: IBM Tivoli Access Manager for e-business (Jan 11)
- Updated: Trend Micro Deep Discovery Email Inspector (Jan 11)
- Updated: Microsoft Azure (Dec 29)
- Updated: Squid Web Proxy (Dec 22)
- Updated: Microsoft Forefront Endpoint Protection (Dec 22)
- Updated: Aruba ClearPass Policy Manager (Dec 22)
- Updated: F5 Networks BIG-IP AFM (Dec 22)
- Updated: Check Point (Dec 14)
- Updated: Arbor Networks Peakflow SP (Dec 10)
- Updated: F5 Networks BIG-IP ASM (Dec 10)
- Updated: Cisco CatOS for Catalyst Switches (Dec 10)
- Updated: F5 Networks BIG-IP APM (Dec 10)
- Updated: EMC VMWare (Dec 10)
Protocols
- Updated: SMB Tail Protocol (Jan 31)
- Updated: Microsoft DHCP Protocol (Jan 31)
- Updated: Oracle Database Listener Protocol (Jan 31)
- Updated: Microsoft Exchange Protocol (Jan 31)
- Updated: Microsoft IIS Protocol (Jan 31)
- Updated: Okta Identity Management REST API (Jan 11)
- Updated: Microsoft Azure Event Hubs (Dec 29)
- Updated: Cisco Firepower eStreamer (Dec 14)
13. Support articles and useful information
- Important: QRadar: Microsoft Windows Log Sources and Support for SMBv1 and SMBv2 (Updated)
- Troubleshooting: Check Point Protocol Troubleshooting Overview
- Troubleshooting: Log File Protocol Troubleshooting Overview
- Troubleshooting: QRadar: Basic App Troubleshooting Before Opening a Support Ticket
- Troubleshooting: How to Troubleshoot Flow Forwarding
- Troubleshooting: QRadar: TLSSyslog Error 'Illegal Key Size' Due to RSA Cipher Suites
- Troubleshooting: Quick filter search index retention not performing cleanup
- Troubleshooting: QRadar Deployment Intelligence (QDI) App is Missing CPU Health Metrics
- Troubleshooting: QRadar 7.3.0 NFS Mount issue after reboot
- How-to: QRadar: Changing the IMM networking configuration
- SDK & App Development: https://developer.ibm.com/qradar/
- QRadar forums quick link: https://ibm.biz/qradarforums
- Support and get logs information: https://ibm.biz/qradarlogs
- Software master list quick link: https://ibm.biz/qradarsoftware
- Firmware master list quick link: https://ibm.biz/qradarfirmware
- Support case / ticketing quick link: https://ibm.biz/qradarsupport
- All Support articles quick link: https://ibm.biz/qradarknowledge
- Request for enhancements quick link: https://ibm.biz/RFEQRadar
- QRadar Open Mics quick link: https://ibm.biz/qradaropenmic
- QRadar X-Force FAQ quick link: https://ibm.biz/qradarxforce
- Ask Developers App forum questions: https://ibm.biz/qradarappdev
- QRadar Community Edition page: https://ibm.biz/qradarce
- QRadar Community Edition forums: https://ibm.biz/qradarceforums
We are on Twitter
IBM Security QRadar announcements, articles, and information are also delivered through @AskIBMSecurity. If you use Twitter, you can follow us by using the following link: https://twitter.com/AskIBMSecurity.
More to come
Next month we will deliver another support newsletter with information relevant to IBM Security QRadar. In the future we plan to address questions, provide more articles, support tips, and also cover new and existing features in support videos. If you have suggestions, please visit our IBM Customer Forum for QRadar and let us know.
Document Information
Modified date: 10 May 2019
UID: swg22011470