IBM Support

QRadar Support Newsletter - Summary for January 2018

News


Abstract

QRadar Support Newsletter, a wrap-up of activities for January 2018. This newsletter covers QRadar troubleshooting, news, announcements, and how-to articles for IBM QRadar users and administrators.

Content




IBM Security QRadar Community,

Thank you for taking the time to review the QRadar Support Newsletter. The purpose of this newsletter is to provide a summary of activity related to QRadar, support information, news, "how-to" articles, tips for IBM Security QRadar SIEM and other associated QRadar products directly to QRadar users and administrators. Our goal is to provide knowledge and solutions to help security specialists complete their day-to-day activities.


1. QRadar software release information


Recent QRadar software releases and important information for administrators. For a list of all QRadar software versions and release notes, see: http://ibm.biz/qradarsoftware.

  • QRadar Software for 7.2.x
    -
    QRadar 7.2.8 Patch 11 (January 4)
  • QRadar Software for 7.3.x
    -
    QRadar 7.3.0 Patch 7 (Dec 13)
    - QRadar 7.3.1 (Dec 18)
    - QRadar 7.3.1 Patch 1** (Jan 26)


    **NOTE: QRadar 7.3.1 Patch 1 resolves an issue for Lenovo M5 x3550 or M5 x3650 appliances where the appliances might randomly reboot due to a Red Hat Kernel defect. This release resolves the APAR on this issue and the associated flash notice was updated. For more information, see: QRadar 7.3.1 issue on Lenovo x3550 M5 and x3650 M5 appliances (Software available).



2. QRadar Open Mic Events Coming Soon


The next two QRadar Open Mic events are announced for February and March. For those who have not attended previously, QRadar Open Mic webcasts consist of a round table of QRadar experts who discuss a topic and take chat questions from the audience. QRadar Open Mic sessions are open to all participants who want to attend and learn more about QRadar. Users who subscribe to the newsletter list will receive an email invitation and a reminder email the day before the event.

  • February 27th, 2018
    QRadar Support will host a session in February on 'QRadar Cloud Architecture and Event Integrations'. This session will discuss cloud architecture and some of the challenges administrators face when integrating event sources from cloud environments. This panel is hosted by QRadar Support, QRadar Architecture, QRadar Integrations, and the QRadar Client Technical Professional team.
  • In March
    The QRadar Support Open Mic session will be hosted live from Think in Las Vegas. The topic will be 'Taking Advantage of new QRadar 7.3.1 Features'. This panel consists of members from QRadar Support and QRadar Architecture teams. For more information about IBM Think, see: https://www.ibm.com/events/think/.


3. Windows Protocols and SMBv2 Support


IBM has released QRadar protocol RPMs to support both SMBv1 and SMB2 to resolve the connection issues related Microsoft's disabling the SMBv1 connectivity. This release update enhanced the existing SMB protocols for QRadar to allow connections using the SMBv2 file sharing protocol. To enable SMBv2, all five protocol RPMs must be installed in a single command. These protocol updates are not available through QRadar Auto Updates and must be installed manually. For installation instructions and a link to IBM Fix Central, see: QRadar: Microsoft Windows Log Sources and Support for SMBv1 and SMBv2 (Updated).


4. QRadar 7.3.1 Documentation PDFs


The release of QRadar 7.3.1 moved the default documentation PDFs to the QRadar Knowledge Center. Administrators who have updated to QRadar 7.3.1 can bookmark the following links:



5. QRadar User Groups


IBM is hosting several QRadar User Groups in the first quarter of 2018. The following cities have events coming soon:



6. QRadar Master Console v0.12.0


A new version of the QRadar Master Console software v0.12.0 is available on IBM Fix Central and includes the ability to monitor QRadar 7.3.0 / 7.3.1 deployments and introduces extension management. The new extension functionality allows Master Console administrators to take an extension from the IBM App Exchange, upload the zip file, then deploy the app or extension to one or more QRadar Consoles. The Extensions view provides visibility for each Console where the app/extension is deployed to provide make management of extensions easier. For more information, see the Master Console documentation.


7. New X-Force & QRadar Functionality: Am I Affected?


The X-Force Exchange 'Am I Affected' option helps users quickly determine whether they are affected by zero-day attacks, such as Petya or WannaCry. The architecture cross-references QRadar log activities to determine if events and flows are related to any IOCs that are captured within a XFE public or private Collection. Users can assess the impact via graphical and tabular reporting, with quick pivoting back to QRadar. This service is entirely browser-based, so it does not cache QRadar data or send QRadar data to the X-Force Exchange server, and no QRadar data is stored on X-Force Exchange. To enable this integration, QRadar administrators must provide the Console IP Address and an authentication token into the X-Force Exchange using Settings > QRadar Integration. The 'Am I Affected' button is free to all QRadar users.




8. QRadar Pulse v2.0 Early Access


A new version of the QRadar Pulse app is available on the IBM App Exchange for administrators on QRadar 7.3.1. The new QRadar Pulse v2.0 application adds new unique dashboards that can be fine tuned and customized to display in a multi-screen SOC environment. QRadar Pulse v2.0 requires QRadar v7.3.1 to install. For more information, see QRadar Pulse v2.0 on the X-Force App Exchange.


9. User Behavior Analytics v2.5


Administrators should be aware that User Behavior Analytics version 2.5 is now available on the X-Force App Exchange.

This release includes two new features:
  • Quickly investigate a user’s anomalous behavior with an inline event viewer to review the events that triggered specific UBA rules and use cases.
  • A new in application 'Help and Support' page provides useful links, tutorials, and support functions.


10. IBM BigFix App for QRadar v2.0


A new BigFix App for QRadar v2.0 is available for administrators. This application includes a number of new features and several enhancements.

  • New: Configuration compliance status
  • New: On demand malware classification of crypto-hashes through the IBM X-Force Exchange
  • New: Trending for Patch, Vulnerability and Compliance status with a selectable time interval
  • New: BigFix data refresh on demand
  • Enhancement: App configuration and serviceability improvements (features visibility, build number and more)
  • Enhancement: Improved performance (8x - 25x in a reference lab environment)
  • Enhancement: Support for up to 100k endpoints

11. What's new on the IBM Security App Exchange


New extensions and applications that are available on the IBM Security App Exchange for the month of December and January. This list contains all new extensions and applications since the last newsletter was published.


Apps & Extensions


12. Device and integration updates


Here is a list of releases and updates since our last newsletter.

DSMs
- Updated: Cisco Firewall Devices (Jan 29)
- Updated: DSM Common (Jan 29)
- Updated: Microsoft Windows Security Event Log (Jan 29)
- Updated: Pulse Secure Pulse Connect Secure (Jan 11)
- Updated: VMware vCenter (Jan 11)
- Updated: NCC Group DDos Secure (Jan 11)
- Updated: Palo Alto PA Series (Jan 11)
- Updated: Lieberman Random Password Manager (Jan 11)
- Updated: Fortinet FortiGate Security Gateway (Jan 11)
- Updated: IBM Tivoli Access Manager for e-business (Jan 11)
- Updated: Trend Micro Deep Discovery Email Inspector (Jan 11)
- Updated: Microsoft Azure (Dec 29)
- Updated: Squid Web Proxy (Dec 22)
- Updated: Microsoft Forefront Endpoint Protection (Dec 22)
- Updated: Aruba ClearPass Policy Manager (Dec 22)
- Updated: F5 Networks BIG-IP AFM (Dec 22)
- Updated: Check Point (Dec 14)
- Updated: Arbor Networks Peakflow SP (Dec 10)
- Updated: F5 Networks BIG-IP ASM (Dec 10)
- Updated: Cisco CatOS for Catalyst Switches (Dec 10)
- Updated: F5 Networks BIG-IP APM (Dec 10)
- Updated: EMC VMWare (Dec 10)

Protocols
- Updated: SMB Tail Protocol (Jan 31)
- Updated: Microsoft DHCP Protocol (Jan 31)
- Updated: Oracle Database Listener Protocol (Jan 31)
- Updated: Microsoft Exchange Protocol (Jan 31)
- Updated: Microsoft IIS Protocol (Jan 31)
- Updated: Okta Identity Management REST API (Jan 11)
- Updated: Microsoft Azure Event Hubs (Dec 29)
- Updated: Cisco Firepower eStreamer (Dec 14)

13. Support articles and useful information





We are on Twitter


IBM Security QRadar announcements, articles, and information are also delivered through @AskIBMSecurity. If you use Twitter, you can follow us by using the following link: https://twitter.com/AskIBMSecurity.


More to come


Next month we will deliver another support newsletter with information relevant to IBM Security QRadar. In the future we plan to address questions, provide more articles, support tips, and also cover new and existing features in support videos. If you have suggestions, please visit our IBM Customer Forum for QRadar and let us know.

[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Newsletters","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"7.3.1;7.3;7.2.8;7.2","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
10 May 2019

UID

swg22011470