What's new in earlier versions of QRadar Cloud Visibility

In case you missed a release, review a list of features from previous versions of IBM® QRadar® Cloud Visibility.

Version 1.5.0

  • Updated the Guide Page links for the QRadar to AWS and QRadar to Azure marketplace websites.
  • Updated packages with known vulnerabilities.

Version 1.4.4

  • Updated the Rule Groups and Rules filter on the dashboard tabs.
  • On the Guide page, added the ability to install the most recent content extensions from the IBM Security App Exchange that are related to cloud environments.
  • Removed Standard User capabilities from Amazon AWS integration. In version 4.0.0 of the IBM Security QRadar Custom Properties for Amazon AWS content extension, the Standard Users reference sets were removed. The following capabilities are removed or obsolete in QRadar Cloud Visibility 1.4.4:
    • The Standard Users tab on the AWS Utilities page, and any related service mappings
    • The requirement for iam:ListUsers during Amazon AWS account setup
  • Updated packages with known vulnerabilities.

Version 1.4.3

  • Added the eu-south-1 and af-south-1 regions for Amazon AWS.
  • Fixed an issue where the app didn’t install in an air-gapped environment.

Version 1.4.2

  • The AWS wizard can now parse the Assume Role Policy JSON wherever the list is used inside a Resource property.
  • The Guide page was enhanced by documenting more log source types in the AWS and Azure groups.
  • This release contains internal enablement for Red Hat Universal Base Images (UBI). For more information, see QRadar: Applications, CentOS 6, and Python 2 End of Support (https://www.ibm.com/support/pages/node/6356547).

Version 1.4.1

Dashboard configuration improvements

Added the ability to select the maximum age of events for an offense’s initial event query in the dashboard configuration. For more information, see Configuring cloud service providers to communicate with QRadar Cloud Visibility.

VPC flow improvements

If you have long lists of applications or protocols on the VPC Flow Logs page, you can select or deselect the lists at once to save time and effort. For more information, see Filtering the VPC flow log visualization.

Amazon AWS log source changes

The default log source types that are considered by the AWS dashboards now include Universal DSM when the protocol type is Amazon AWS S3 REST API or Amazon Web Services. For more information about these protocol types, see Amazon AWS S3 REST API protocol configuration options and Amazon Web Services protocol configuration options.

Usability improvements

This release contains the following usability improvements:
  • Added more clarity to some UI messages.
  • Improved how dashboard queries are removed from QRadar.
  • Improved usability in the configuration wizard.
  • Improved performance on the VPC Flow Logs page.

Version 1.4.0

Common dashboard for all cloud offenses

The All Cloud Offenses Overview dashboard helps security analysts visualize potential cloud-related offenses, and can be organized in various ways to suit your needs. The dashboard displays all open offense data in the following charts:
  • Top offense categories
  • Top log source types
  • Total offenses by MITRE tactic and rule
  • Most severe offenses
  • Most recent offenses

For more information, see Visualization of cloud offense data.

Cloud integrations guide

The guide provides an overview of the cloud integrations that QRadar supports and which ones are currently installed. See which other cloud platform components you can consider installing so that you can get insight into potential offenses in Amazon Web Services, Microsoft Azure, and IBM Cloud®. Configure log sources and install any cloud-related content extensions that are relevant to your cloud platforms. Access the guide from the navigation menu.
Figure 1. Cloud integrations guide

New "Total offenses by MITRE tactic and rule" chart added to all dashboards

Each bar in the chart shows the number of offenses per MITRE tactic and per rule. Click through each section to get more details. This chart is only available if IBM QRadar Use Case Manager is installed.

Added support for selecting multiple regions in the Amazon AWS configuration

Amazon cloud computing resources are hosted in locations all over the world, so when you view your resources, you see only the resources for the region you specify. For example, you might be located in the US region but need the AWS resources from the Asia Pacific or African regions. For more information, see Updating the Amazon AWS account configuration in QRadar Cloud Visibility.

Added support for adding multiple ARNs for the Assume role policy in the Amazon AWS configuration

You can add up to 10 managed policies to an IAM user, role, or group. Previously, only one policy per AWS account was supported, which limited the number of accounts you could view. For more information, see Updating the Amazon AWS account configuration in QRadar Cloud Visibility.

Read the blog article about the new release (https://community.ibm.com/community/user/security/blogs/korinne-alpers/2020/08/31/new-qradar-cloud-visibility-release-on-ibm-app-exc).

Version 1.3.0

  • Added integration with Amazon AWS Security Hub. Offenses that are related to AWS log sources in QRadar can be sent to AWS Security Hub so that they can be viewed and analyzed, along with Amazon GuardDuty findings. For more information, see AWS Security Hub integration.
  • Added integration with Amazon Detective to help you further investigate IP addresses, AWS accounts, EC2 instances, and Amazon GuardDuty findings. For more information, see Amazon Detective integration.
  • Implemented enhancements to improve workflow in dashboards:
    • Added filtering by offense start date and by log sources and log source types
    • Added the ability to configure log source types and log sources that are relevant for the Offense dashboard.
  • Improved the utilities for configuring AWS services for QRadar:
    • Added new log source permissions to support new Amazon AWS log source types.
  • Redesigned configuration wizard to include tabs for each cloud service provider, making it easier to configure the app.
  • The app autodetects if a newer version is available from the QRadar Assistant app or the IBM Security App Exchange, making it easier to stay current with the latest app capabilities.

Version 1.2.0

  • Added a setup wizard to make it easier to set up your AWS accounts for the app.
  • Added 4 new AWS Offense dashboard charts:
    • All account IDs by magnitude
    • All account IDs by related rule
    • All resources by magnitude
    • All resources by related rule
  • Added AWS CloudTrail notifications in the CloudTrail Log Sources tab.
  • Added the ability to view, edit, and delete log sources in the app, eliminating the need to link to the IBM QRadar console.
  • Added Amazon VPC flow log visualization.
    QRadar on Cloud: VPC flows are not supported in IBM QRadar on Cloud.

Version 1.1.0

  • Improved the validation of the AWS cross-account setup (requires users to update the policy JSON in AWS).
  • Added proxy configuration settings.
  • Enhanced filters are now available in the sidebar.