Question & Answer
Question
Do the QRadar Network Security (XGS) and Security Network IPS (GX) sensors analyze compressed file traffic?
Answer
The XGS sensor and the Data Loss Prevention (DLP) module on the GX do not analyze compressed file traffic by default. This behavior is controlled by the following tuning parameter:
Name: pam.ca.zip.uncompress.enable
Value: false (default)
To analyze this traffic, edit the parameter that is mentioned above and set its value to true.
- For the XGS, you can make this change in the Advanced Tuning Parameters policy.
- For the GX, you can make this change in the Tuning Parameters policy.
Document Information
Modified date:
23 January 2021
UID
swg21967067