Deployment and application tuning overview
Tuning your IBM QRadar SIEM environment means adjusting one or more parameters of an appliance, deployment, or running system so that it runs more efficiently.
After you install QRadar and it is running, you can tune your QRadar SIEM system in the following two phases:
- Deployment phase
  During this phase, you configure essential network, scanner, log source, and asset configurations. This phase is done at the start of your lifecycle management for QRadar systems.
- Application phase
  During this phase, you discover servers, investigate offenses, optimize custom rules, edit building blocks, tune false positives, and improve search performance in QRadar.
QRadar Use Case Manager app
You can also use the IBM QRadar Use Case Manager to tune QRadar. Use the guided tips in QRadar Use Case Manager to help you ensure that QRadar is optimally configured to accurately detect threats throughout the attack chain. For more information, see QRadar Use Case Manager.
Download the app from the IBM® Security App Exchange (https://exchange.xforce.ibmcloud.com/hub/extension/bf01ee398bde8e5866fe51d0e1ee684a).
Tuning videos
Watch the following videos on how to tune QRadar:
- Tuning QRadar introduction: https://ibm.biz/BdqtFa
- QRadar Tuning wrap up: https://ibm.biz/BdqtFe