Privacy assessment for QRadar DNS Analyzer

Starting with version 1.2.0, the IBM® QRadar DNS Analyzer app is GDPR-compliant.

The following workflow describes how data is processed in and transferred from the QRadar DNS Analyzer app:
  1. QRadar Device Support Modules (DSM) collect the following server log properties: url, sourceip, username.
  2. QRadar stores event properties in the Ariel database.
  3. The QRadar DNS Analyzer app queries the Ariel database to retrieve url, sourceip, and username.
  4. The QRadar DNS Analyzer app processes url, and passes sourceip and username to the output module. The sourceip and username values are never stored by the DNA Analyzer app.
  5. The output module of DNS Analyzer app formats syslog malicious domain events with url, sourceip, and username.
  6. The QRadar DNS Analyzer app forwards data to other applications.
    1. The QRadar DNS Analyzer app forwards syslog event to QRadar.
    2. The QRadar DNS Analyzer app forwards partial analysis to X-Force Exchange.
  7. The QRadar DNS Analyzer app DSM parses url, sourceip, and username from syslog.
  8. QRadar stores url, sourceip, and username as events in the Ariel database.
  9. The url and sourceip properties are displayed in the QRadar DNS Analyzer app dashboard.
  10. The User Behavior Analytics app CRE rules generate new sense events by using url, sourceip, and user name from the QRadar DNS Analyzer app.
  11. The User Behavior Analytics app consumes and displays data from the generated sense events.
  12. The Pulse app displays data from the DNS Analyzer events.