News and Notices
Replays for Master Skills 2021
17 September: Users can watch replays for the Threat Detection, Advanced Searching, Network & Behavior Analytics session tracks. All sessions, with the exception of the live sessions are now posted and available for review. If you missed a QRadar session, use the provided link to watch a replay. It is expected that the live sessions will be posted in the next 7-10 days.
QVM External Scan service changes
1 September: On 1 September 2021 the QRadar Vulnerability Manager external scanners (DMZ scans) are being moved to an IBM Cloud location. This means that administrators need to contact your corporate firewall teams to allow access to 18.104.22.168:443 and complete a full deploy from your Console. If you experience issues with external scans stuck at 1% on or after 1 September 2021, then the network path is likely blocked to the new IBM Cloud scanners. For more information, review the technical note on this change.
Palo Alto Networks PanOS v10
2 September 2021: As part of a recent Palo Alto PA Series DSM update, IBM added support for new ‘recorded log types’ including ‘Global Protect’! This integration extends QRadar visibility and ability to correlate activity on Palo Alto Next Generation Firewalls.
Use Case Manager 3.3.0
31 August 2021: An updated version of the Use Case Manager app (V3.3.0) is released. This update adds several updates and improvements: 1. Support for custom rule attributes. Define a custom rule attribute and its values, assign the custom attribute values to a rule, and add the custom attribute as a column in Use Case Explorer. 2. Updates for V9 of the MITRE ATT&CK framework. 3. Added an option to delete one or more user rules that are selected in Use Case Explorer. 4. Improved report filtering.
Important: QRadar 7.4.3 issue identified
12 August 2021: A small number of users reported an upgrade issue in QRadar 7.4.3 and QRadar 7.4.3 Fix Pack 1 as described in the Security Bulletin for CVE-2021-29880. If you installed an affected software version, QRadar Support is requesting administrators confirm if domains are enabled on the Console. If you use an affected software version and domains are configured, you must open a case so the support team can review your Console.
QRadar events and webinars
Events and webinars are hosted by QRadar experts to discuss technical topics or present content teams feel is beneficial to users and administrators.
Open mic events are hosted by QRadar Support to discuss technical topics or present content we feel is beneficial to users. Join an open mic to learn about a topic, ask questions from panelists and learn about QRadar.