masifpak

Pinned topic How can get and install IBM Security Anomaly Content Extension

‏2016-08-22T11:10:42Z | anomaly contents

Hi Geeks,

I have QRadar 7.2.6 installed. I want to install the Security Content Extension so that I can get the following ruleset.

"The Anomaly extension adds 10 anomaly rules and 9 building blocks for a total of 19 content add-ons for QRadar".

Is there any license requirement or something else? I am unable to download such other extensions. Please guide me in this regard. Please have a look at the link below.

 

http://www-01.ibm.com/support/docview.wss?uid=swg21701213#rules

 

 

 

  • qmasters

    Re: How can get and install IBM Security Anomaly Content Extension

    ‏2016-08-24T12:21:16Z  

    First you need to register on the X-Force site and get a token; only then will you be able to download the apps.

  • JonathanPechtaIBM

    Re: How can get and install IBM Security Anomaly Content Extension

    ‏2016-08-31T21:34:45Z  

    masifpak,

     

    You just need to sign in using your IBM id (free registration) and you can download the .zip file that contains the Anomaly Extension Content. We typically recommend that you be on QRadar 7.2.6 Patch 4 or later when using apps due to some framework changes related to reinstalling apps and future app updates. There is no requirement for a token; you can just download the .zip file, click the Admin tab, go to Extension Management, upload your file, and install your app. During the install, you will be asked to overwrite any existing values. For rules, this just modifies the rule template and does not alter any user-modified rules for your users. However, values like custom properties or searches will be overwritten if you have made changes. So, keep this information in mind as you install new Content packs. In most cases, users can use the override feature, as the Anomaly, Threat, Compliance, Recon, and other content extensions are adding rules, reports, and other information that is not part of the QRadar 7.2.6 default installation. It is always a good idea to review what is being installed.

     

    If you have further questions or issues, let us know.