Privacy assessment for QRadar DNS Analyzer
Starting with version 1.2.0, the IBM® QRadar DNS Analyzer app is GDPR-compliant.
The following workflow describes how data is processed in and transferred from the QRadar
DNS Analyzer app:
- QRadar Device Support Modules (DSM) collect the following server log properties: url, sourceip, username.
- QRadar stores event properties in the Ariel database.
- The QRadar DNS Analyzer app queries the Ariel database to retrieve url, sourceip, and username.
- The QRadar DNS Analyzer app processes url, and passes sourceip and username to the output module. The sourceip and username values are never stored by the DNA Analyzer app.
- The output module of DNS Analyzer app formats syslog malicious domain events with url, sourceip, and username.
- The QRadar DNS Analyzer app forwards data to other applications.
- The QRadar DNS Analyzer app forwards syslog event to QRadar.
- The QRadar DNS Analyzer app forwards partial analysis to X-Force Exchange.
- The QRadar DNS Analyzer app DSM parses url, sourceip, and username from syslog.
- QRadar stores url, sourceip, and username as events in the Ariel database.
- The url and sourceip properties are displayed in the QRadar DNS Analyzer app dashboard.
- The User Behavior Analytics app CRE rules generate new sense events by using url, sourceip, and user name from the QRadar DNS Analyzer app.
- The User Behavior Analytics app consumes and displays data from the generated sense events.
- The Pulse app displays data from the DNS Analyzer events.