Question & Answer
Question
How can a QRadar Administrator confirm the X-Force server database updates are current?
Answer
To verify whether the X-Force server is receiving the daily updates to the database, administrators with command line access to the QRadar Console can manually validate their database version against the IBM Security X-Force Database reference (http://www.xforce-security.com/dbversion/).
When the QRadar Console receives updates from the IBM X-Force Exchange, reference sets are updated and the latest versions are logged in /var/log/dca/dca_info.log.
Procedure
- Use SSH to log in to the QRadar Console as the root user.
- Navigate to the /var/log/dca directory.
- To validate the X-Force database versions, run the following commands:
  - To view the X-Force URL database version, type:
    grep "UpdateModule.*url_database" /var/log/dca/dca_info.log | tail -2
  - To view the X-Force IP reputation database version, type:
    grep "UpdateModule.*ipr_database" /var/log/dca/dca_info.log | tail -2
  - To view the X-Force Web Application database version, type:
    grep "UpdateModule.*wac_database" /var/log/dca/dca_info.log | tail -2
- Compare the date and version info from the command-line output to the X-Force master database list: http://www.xforce-security.com/dbversion/
13756 2024-06-25 23:25:10.974 N UpdateModule Updating client ipr_database (dcafilterdb) from 6.01784205 to 6.01784206
13756 2024-06-25 23:25:10.975 N UpdateModule Update for client ipr_database completed with return code 2800
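The three grep checks can be combined into one pass that also flags a database whose last logged update is older than a cutoff date. The script below is an added example, not an IBM-supplied tool: it assumes dca_info.log lines follow the layout of the sample output on this page, and the function names, the cutoff-date argument and the constructed sample log are illustrative.

```shell
#!/bin/sh
# Added example (not IBM-supplied). Assumes dca_info.log lines are laid out like
# the sample on this page: pid, date, time, level, module, message.

# Print "<database> <date> <version>" for the newest "Updating client" line of
# each database found in the log file given as $1.
xforce_last_updates() {
    awk '$5 == "UpdateModule" && $6 == "Updating" && $7 == "client" {
             date[$8] = $2; ver[$8] = $NF     # later lines overwrite earlier ones
         }
         END { for (db in ver) print db, date[db], ver[db] }' "$1" | sort
}

# Print each of the three X-Force databases whose last logged update is older
# than the cutoff date $2 (YYYY-MM-DD), or that has no update line in log $1.
xforce_stale() {
    xforce_last_updates "$1" | awk -v cutoff="$2" '
        { seen[$1] = $2 }
        END {
            n = split("url_database ipr_database wac_database", want, " ")
            for (i = 1; i <= n; i++) {
                db = want[i]
                if (!(db in seen))                    print db, "no-update-logged"
                else if ((seen[db] "") < (cutoff "")) print db, seen[db]
            }
        }'
}

# Constructed sample log. Only the last two lines are taken from this page; the
# url_database line, its "(example)" component name and all other version
# numbers are invented for illustration.
sample_log() {
    cat <<'EOF'
13102 2024-06-20 23:25:09.120 N UpdateModule Updating client url_database (example) from 1.0000001 to 1.0000002
13511 2024-06-24 23:25:10.310 N UpdateModule Updating client ipr_database (dcafilterdb) from 6.01784204 to 6.01784205
13756 2024-06-25 23:25:10.974 N UpdateModule Updating client ipr_database (dcafilterdb) from 6.01784205 to 6.01784206
13756 2024-06-25 23:25:10.975 N UpdateModule Update for client ipr_database completed with return code 2800
EOF
}

# Usage: sh xforce_check.sh /var/log/dca/dca_info.log 2024-06-24
if [ "$#" -eq 2 ]; then
    xforce_last_updates "$1"
    xforce_stale "$1" "$2"
fi
```

An empty result from `xforce_stale` means all three databases logged an update on or after the cutoff; the versions printed by `xforce_last_updates` still need to be compared against the X-Force master database list.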
Results
If the database version is old or out-of-date, administrators can review their proxy configurations to verify that the X-Force Threat Intelligence feeds are enabled and that firewalls are not rejecting connections to: update.xforce-security.com or license.xforce-security.com. For more information, see: Enabling X-Force Threat Intelligence in QRadar.
Document Information
Modified date: 26 June 2024
UID: swg21999043