What's new in earlier versions of QRadar Cloud Visibility
In case you missed a release, review a list of features from previous versions of IBM® QRadar® Cloud Visibility.
- Updated the Rule Groups and Rules filter on the dashboard tabs.
- On the Guide page, added the ability to install the most recent content extensions from the IBM Security App Exchange that are related to cloud environments.
- Removed Standard User capabilities from Amazon AWS integration. In version 4.0.0 of the IBM Security QRadar Custom Properties for Amazon AWS content extension, the Standard Users reference sets were removed. The following capabilities are removed or obsolete in QRadar Cloud
  - The Standard Users tab on the AWS Utilities page, and any related service mappings
  - The requirement for iam:ListUsers during Amazon AWS account setup
- Updated packages with known vulnerabilities.
- Added the eu-south-1 and af-south-1 regions for Amazon AWS.
- Fixed an issue where the app didn’t install in an air-gapped environment.
- The AWS wizard can now parse the Assume Role Policy JSON wherever the list is used inside a Resource property.
- The Guide page was enhanced by documenting more log source types in the AWS and Azure groups.
- This release contains internal enablement for Red Hat Universal Base Images (UBI). For more information, see QRadar: Applications, CentOS 6, and Python 2 End of Support (https://www.ibm.com/support/pages/node/6356547).
Dashboard configuration improvements
Added the ability to select the maximum age of events for an offense’s initial event query in the dashboard configuration. For more information, see Configuring cloud service providers to communicate with QRadar Cloud Visibility.
VPC flow improvements
If you have long lists of applications or protocols on the VPC Flow Logs page, you can select or deselect the lists at once to save time and effort. For more information, see Filtering the VPC flow log visualization.
Amazon AWS log source changes
The default log source types that are considered by the AWS dashboards now include Universal DSM when the protocol type is Amazon AWS S3 REST API or Amazon Web Services. For more information about these protocol types, see Amazon AWS S3 REST API protocol configuration options and Amazon Web Services protocol configuration options.
- Added more clarity to some UI messages.
- Improved how dashboard queries are removed from QRadar.
- Usability improvements in the configuration wizard.
- Improved performance on the VPC Flow Logs page.
Common dashboard for all cloud offenses
- Top offense categories
- Top log source types
- Total offenses by MITRE tactic and rule
- Most severe offenses
- Most recent offenses
For more information, see Visualization of cloud offense data.
Cloud integrations guide
New "Total offenses by MITRE tactic and rule" chart added to all dashboards
Added support for selecting multiple regions in the Amazon AWS configuration
Amazon cloud computing resources are hosted in locations all over the world, so when you view your resources, you see only the resources for the region you specify. For example, you might be located in the US region but need the AWS resources from the Asia Pacific or African regions. For more information, see Updating the Amazon AWS account configuration in QRadar Cloud Visibility.
Added support for adding multiple ARNs for the Assume role policy in the Amazon AWS configuration
You can add up to 10 managed policies to an IAM user, role, or group. Previously, only one policy per AWS account was supported, limiting the number of accounts you can view. For more information, see Updating the Amazon AWS account configuration in QRadar Cloud Visibility.
Read the blog article about the new release (https://community.ibm.com/community/user/security/blogs/korinne-alpers/2020/08/31/new-qradar-cloud-visibility-release-on-ibm-app-exc).
- Added integration with Amazon AWS Security Hub. Offenses that are related to AWS log sources in QRadar can be sent to AWS Security Hub so that they can be viewed and analyzed, along with Amazon GuardDuty findings. For more information, see AWS Security Hub integration.
- Added integration with Amazon Detective to help you further investigate IP addresses, AWS accounts, EC2 instances, and Amazon GuardDuty findings. For more information, see Amazon Detective integration.
- Implemented enhancements to improve workflow in dashboards:
  - Added filtering by offense start date and by log sources and log source types.
  - Added ability to configure log source types and log sources that are relevant for the Offense dashboard.
- Improved the utilities for configuring AWS services for QRadar:
  - Added SQS information for CloudTrails and a wizard to help you create a log source by using an SQS queue. For more information, see Creating and editing CloudTrail log sources.
  - Added an overview of GuardDuty logs in AWS and a wizard to help you create related log sources. For more information, see Creating and editing GuardDuty log sources.
  - Added an overview of VPC Flow logs in AWS and a wizard to help you create related log sources. For more information, see Creating and editing VPC Flow log sources.
- Added new log source permissions to support new Amazon AWS log source types.
- Redesigned configuration wizard to include tabs for each cloud service provider, making it easier to configure the app.
- The app autodetects if a newer version is available from the QRadar Assistant app or the IBM Security App Exchange, making it easier to stay current with the latest app capabilities.
- Added a setup wizard to make it easier to set up your AWS accounts for the app.
- Added 4 new AWS Offense dashboard charts:
  - All account IDs by magnitude
  - All account IDs by related rule
  - All resources by magnitude
  - All resources by related rule
- Added AWS CloudTrail notifications in the CloudTrail Log Sources tab.
- Added the ability to view, edit, and delete log sources in the app, eliminating the need to link to the IBM QRadar console.
- Added Amazon VPC flow log visualization. QRadar on Cloud: VPC flows are not supported in IBM QRadar on Cloud.
- Improved the validation of the AWS cross-account setup (requires users to update the policy JSON in AWS).
- Added proxy configuration settings.
- Enhanced filters now available in sidebar.