Welcome users! Here you have an opportunity to collaborate directly with the product development teams and other product users.

Note: To submit enhancement requests for Analytics products please visit Analytics Ideas Portal site.

To submit enhancement requests for OpenPages, Incentive Compensation Management and Financial Transaction Manager products please visit WFSS Ideas Portal site.

On December 6, 2018, IBM and HCL Technologies announced a definitive agreement under which HCL will acquire select IBM collaboration, commerce, digital experience and security software products. The transaction closed on June 30, 2019. The full list of products and part numbers included in this transaction can be found here.

For new product enhancement requests please use these links.US Federal customers please use the following link to request new product enhancements: https://www.hcltechsw.com/wps/portal/resources/us-government-contact

Filter the page content by brand and product


This is a table showing requests
Number of votes Request headline and description

34
votes

QRadar user roles lack flexibility

When designing user roles, QRadar offers several selectable permissions which can be granted to a user role. Important core functionalities, such as access to DSM editor oder the ability to manage use...

Duplicate

21
votes

Add ability to edit already set filters

If a filter for a search is once set, it cannot be edited. I always have to remove it and add it again. This is really annoying especially if the filter includes multiple entries (e.g. multiple IP add...

Under Consideration

19
votes

DSM for Twistlock Container Security

We would like to use QRadar to provide security monitoring for containers using Twistlock. Currently there is no DSM built for it.

Under Consideration

14
votes

Chained Offense should contain all contributing events

There are rules that use other rules or building blocks in order to start escalating activity. The out of the box "Chained Exploit Followed by Suspicious Events" is a good example, where we first fin...

Under Consideration

12
votes

Do not generate email for an empty report

When a report is empty (there wasnt anything to be reported on) we do not want to send an e-mail to reports recipients (or generate it at all). When people gets many e-mails with empty reports, they...

Uncommitted Candidate

11
votes

Modifying a search without having to re-enter all values

Add the ability to modify a search or quick search without having to re-enter all values or parameters again.

Planned for Future Release

8
votes

Correlation with CVE's

Under Consideration

7
votes

Identify relationship between multiple event properties within a QRadar tes...

When adding multiple event properties to a test, it is unclear whether these properties are joined by AND or OR.

Declined

6
votes

Create a graphical reports from offence

Offence feature of Qradar lacks automation of reporting or at least automation of the summary part where an security analyst needs to create a report for customer. Quite and amount of work needs to be...

Under Consideration

6
votes

For any number of reasons the CRE will fail, and there is no indication tha...

The CRE failed silently for multiple reasons not explained in the notifications that exists already. Reasons like a defect in the code or a Custom Event Property blocking the pipeline. We need to be...

Planned for Future Release

6
votes

Expand Offense Rule Functionality to Include Domain Specificity

Currently Domain Specific Rule Tests are carried out at the event rule/flow rule level, and offense rules do not include clauses such as " when the domain is" This customer would like to include this ...

Under Consideration

4
votes

MITRE Attack Referenz for QRadar Rules

Compliance Requirements at QRadar customers need to document the compatibilty to MITRE Attack Framework. Suggestion is to extend the Rule Description with a hint which MITRE Attack Technique or APT wi...

Planned for Future Release

4
votes

QRadar Maintenance Mode

We would like to have the possibility to activate something like "Maintenance Mode" where it would restrict the logins on the console to the local admin account or to a specific profile.

Declined

4
votes

Cisco APIC - ACI

The customer have Cisco APIC solution and they want to receive security events from it to be monitored by QRadar. But this is not mentioned in the DSM guide.

Under Consideration

4
votes

Add ability to edit built-in EventCount field in DSM

QRadar rule tests which have condition "at least This Many events" matches when the number of specified events are received. This number of events for rule matching is counted from EventCount field va...

Declined


Your ideas matter!

As of today:

42 new
230 planned
492 delivered


1177 users
4030 votes
3375 comments