What's new in the QRadar DNS Analyzer app
Learn about the new features in each IBM® QRadar DNS Analyzer app release.
Version 2.0.3
- Updates to improve security.
- Fixed compatibility issues for QRadar® 7.5 Update Package 8 and later.
Version 2.0.2
- Fixed an issue where configuration files might reset on a container restart.
- Fixed an issue that caused the app configuration page to be inaccessible after you disable the analytics.
- Updates to improve security.
Version 2.0.1
Updated Squatting and DGA Analytics to resolve multiple known squatting false-positives.
Version 2.0.0
The DNS Analyzer app is upgraded to use version 2 of the App Framework SDK.
Version 1.5.0
Version 1.5.0 includes the following new features and improvements:
- Improved Squatting and DGA analytics.
- Squatting analytics enabled by default on new installs.
Version 1.4.7
Version 1.4.7 includes the following new features and improvements:
- Additional cleanup for saved searches.
- dns_flow_flag property definition updated.
Version 1.4.6
Version 1.4.6 includes the following new features and improvements:
- Performance improvement settings to enable or disable collecting data for analytics for both events and flows.
- Tunneling analytics settings for event threshold and minimum subdomain length.
- Support for QRadar on Cloud.
- Squatting Brand visibility custom event property updates.
- Added new search view: DNS Analyzer - Traffic, Events.
Version 1.4.4
Version 1.4.4 includes the following new features and improvements:
- Added the ability to improve performance by enabling INDEXING with the admin account. For more information, see Enabling QRadar DNS Analyzer support for INDEXING.
- Added the ability to disable unused events or flow interfaces.
- Improved the quality of Squatting Analytics, based on access to the latest X-Force Threat Intelligence feed.
- Fixed an Out of Memory error that occurred when searching without INDEXING.
- Fixed an issue where DNS Analyzer counters did not update automatically due to an error with Ariel communications or database initialization.
- Fixed an issue that caused user search results to disappear too early due to competing DNS Analytics activity.
Version 1.4.3
Version 1.4.3 includes the following new features and improvements:
- Fixed a compatibility issue with the QRadar 7.3.2 patch 3 release.
- Improved Blacklist and Whitelist processing so that adding or removing domains takes effect immediately.
- Updated DNS Tunneling detection's accuracy based on the specific Resource Record types in use.
- Eliminated confusing log errors and warnings that occurred when no DNS events were available to process.
- Corrected a software crash caused by processing certain overly long URLs as domain names.
- Improved the extraction of domain names from URLs.
Version 1.4.2
Version 1.4.2 includes the following new features and improvements:
- Added DSM support for Fortinet FortiGate Security Gateway.
- Improved event processing performance for supported QRadar devices.
- Improved DNS flow parsing.
- Improved memory usage when generating malicious domain events.
- Added "UNKNOWN" trace label (formerly "0i") to the Request Types volumetrics graph.
Version 1.4.1
Version 1.4.1 includes the following new features and improvements:
- Fixed a stability issue in version 1.4.0 that can cause the dashboard metrics to display as 0 (zero). Note: If all dashboard metrics start to display 0 (zero), you must uninstall DNS Analyzer version 1.4.0 before you can install version 1.4.1.
- Removed Domain Profile and Top Domain List from the DNS Analyzer dashboard. Day and week display intervals are supported.
Version 1.4.0
Version 1.4.0 includes the following new features and improvements:
- Added DNS traffic charts to the DNS Analyzer dashboard.
- Only QRadar Pulse Dashboard V2.12 and later is supported by the QRadar DNS Analyzer app.
- Added a feature to indicate if the required X-Force Threat Intelligence feed is disabled in QRadar.
Version 1.3.0
Version 1.3.0 includes the following new features and improvements:
- Added Feature: DNS Tunneling detection.
- Added Support for QRoC (QRadar on Cloud).
- Added support for the new QNI format in QRadar 7.3.1 Patch 5.
- Added DSM support: BlueCat Networks Adonis DNS Server.
- Added DSM support: Cisco IronPort Web Security Appliance.
- Added DSM support: Check Point Firewall.
- Enabled "Process only newly observed domains" by default.
- Disabled Squatting event reporting by default.
- Fixed an issue where the Chart Filters caused the app to crash.
- Fixed an issue where the timestamp was incorrect in MDD and UAMD events.
Version 1.2.1
Version 1.2.1 includes the following new features and improvements:
- Improved the domain detection efficacy of DGA and Squatting.
- Added DSM support: McAfee Web Gateway.
- Added DSM support: Microsoft DNS Debug.
- Fixed an issue that caused the Ariel database to overload.
Version 1.2.0
Version 1.2.0 includes the following new features and improvements:
- GDPR compliant.
- Integration support for the IBM QRadar User Behavior Analytics (UBA) app and IBM QRadar Pulse app.
- Domain filtering (whitelist and blacklist) configuration settings.
- Proxy configuration settings for outbound traffic.
- Support for X-Force Threat Intelligence feed for domain categorization and filtering.
- DGA Domains detection and analytics.
- Squatting Domains detection and analytics.
- Sorting capability for DGA/SQUATTING/BLACKLIST/User Accessed Malicious domain events by source IP.
- DGA/SQUATTING/BLACKLIST/User Accessed Malicious domain event list.
- DGA/SQUATTING/BLACKLIST/User Accessed Malicious domain event creation and CRE response through QRadar.
- Configuration settings for enabling and disabling a specific analytic or event type.
- Identified and improved the performance benchmark for the analytics pipeline.