QRadar Support Newsletter - Summary for June/July 2018

News


Abstract

QRadar Support Newsletter, a wrap-up of activities for June & July 2018. This newsletter covers QRadar troubleshooting, news, announcements, and how-to articles for IBM QRadar users and administrators.

Content

IBM Security QRadar Community,
Thank you for taking the time to review the QRadar Support Newsletter. The purpose of this newsletter is to provide a summary of activity related to QRadar, support information, news, "how-to" articles, tips for IBM Security QRadar and other associated QRadar products directly to QRadar users and administrators. Our goal is to provide knowledge and solutions to help security specialists complete their day-to-day activities.


 

1. QRadar software release information

Important information for administrators about recent QRadar software releases. For a list of all QRadar software versions and release notes, see http://ibm.biz/qradarsoftware; for firmware releases, see https://ibm.biz/qradarfirmware.

Recent software releases for June / July


Coming in August

  • QRadar 7.3.1 Patch 5
  • QRadar 7.2.8 Patch 13 Interim Fix 1
  • USB M3 Firmware updates

 

2. QRadar Open Mic: Software Update Checklist

In July, the QRadar Support team hosted a live discussion on the support upgrade checklist and what administrators can review before they apply a software update to their QRadar deployment. For those users who were unable to attend, we have posted the video replays on the IBM Security Support YouTube channel. During this session, we discussed the checklist, took questions from administrators on how upgrades work in QRadar and what to watch out for, and provided several tips for administrators.

 

3. WinCollect 7.2.8 is available on IBM Fix Central

A new version of WinCollect is available for administrators on IBM Fix Central. This version includes several new features:

  • Support for remote polling for Microsoft IIS events using the WinCollect plug-in for Microsoft IIS.
  • Support for Microsoft Exchange Server.
  • A new logging subsystem that combines logging into a single file.
  • A new statistics file that tracks events per second per channel (event log).
  • Support for the Windows 2016 Core OS.

Link: Release notes for WinCollect 7.2.8


 

4. Log Source Management App is Updated!

A new version of the QRadar Log Source Management app is available for users to download. Version 2.0.0 allows users to make bulk edits of log sources. For more information, see the IBM X-Force App Exchange page for the Log Source Management App.


 

5. QRadar Monthly 'Under the Radar' sessions

Starting on September 7th, the QRadar Client Technical Professional team and QRadar Support are teaming up to start a new series of monthly demo sessions. These sessions are intended for both non-customers and new users alike to listen in on the demo and to join in the discussion about QRadar. Each month, there will be a QRadar demo that is open to all participants who want to join. This expands on our current monthly session to


 

6. User Behavior Analytics Updated

A new version of the User Behavior Analytics app is available for administrators with the release of UBA v2.8.0. For administrators who want to keep up with the latest app updates, the QRadar Assistant App provides information and can directly install application updates for QRadar Consoles that are linked to the IBM X-Force App Exchange.

Change list for UBA 2.8.0

  • Configure machine learning analytics with an advanced search filter.
  • New machine learning analytic to detect abnormal outbound transfer attempts.
  • Additional machine learning memory configurations to support more users when running on an app node.
  • Specify users to track with machine learning.
  • Added a reference set to identify High Risk Users.
  • New dashboard statistics for Users Discovered from Events and Users Imported from Directory.
  • Configure whether to display graphs for each machine learning analytic.
  • Configure whether to install UBA content packs (QRadar rules, custom properties, and reference data for use cases).
  • Added use cases for Browsed to Website categories Business/Service, LifeStyle, and Uncategorized.
  • Added use case UBA : Network Share Accessed
  • Added use case UBA : NonAdmin Access to Domain Controller
  • Added use case UBA : User Access from Prohibited Location
  • Added use case UBA : User Access from Restricted Location
  • Added use case UBA : Multiple Kerberos Authentication Failures from Same User
  • Added use case UBA : TGT Ticket Used by Multiple Hosts

 

7. IBM QRadar Security Analytics Self Monitoring

A new content extension is available to help administrators audit QRadar changes. The IBM QRadar Security Analytics Self Monitoring content extension provides 8 custom properties, 6 custom rules, 8 searches and 4 reports that allow administrators to follow up on usage and review abnormal activity on QRadar itself. This content pack detects shared account use, attempts to corrupt or delete logs, system configuration updates, changes to custom rules, and QRadar host unavailability.

Image of Pulse dashboards showing the QRadar Security Analytics Self Monitoring content extension


 

8. What's new on the IBM Security App Exchange

New extensions and applications are available on the IBM Security App Exchange for the month of March. This list contains all new extensions and applications since the last newsletter was published.

Apps & Extensions


 

9. Device and integration updates

Here is a list of releases and updates since our last newsletter.

DSMs

  • New: VMWare AppDefense (June 6)
  • New: Microsoft Windows Defender ATP (June 29)
  • Updated: Akamai KONA (July 31)
  • Updated: Extreme HiPath (July 20)
  • Updated: Microsoft Exchange Server (July 20)
  • Updated: Amazon GuardDuty (July 16)
  • Updated: McAfee Network Security Platform (July 12)
  • Updated: SIM Audit (July 10)
  • Updated: Amazon AWS CloudTrail (June 29)
  • Updated: HP ProCurve (June 29)
  • Updated: Check Point (June 29)
  • Updated: SIM Generic (June 29)
  • Updated: EMC VMWare (June 21)
  • Updated: Cisco Meraki (June 15)
  • Updated: BlueCat Networks Adonis (June 14)
  • Updated: Microsoft Azure (June 8)
  • Updated: Exabeam (June 1)
  • Updated: Symantec Endpoint Protection (June 1)


Protocols

  • New: VMWare AppDefense API Protocol (June 6)
  • New: Microsoft Windows Defender ATP (June 29)
  • Updated: Akamai Kona REST API (July 31)
  • Updated: Amazon AWS CloudTrail (July 24)
  • Updated: JDBC Protocol (July 24)
  • Updated: Microsoft Exchange Protocol (July 20)
  • Updated: Cisco Firepower eStreamer (July 17)
  • Updated: Log File (July 12)
  • Updated: Amazon Web Services (June 29)
  • Updated: Protocol Common (June 29)
  • Updated: Microsoft Azure Event Hubs (June 11)
  • Updated: Office365 REST API Protocol (June 8)

 

Scanners

  • Updated: Nmap Scanner (July 25)
  • Updated: Nmap Scanner (June 28)
  • Updated: Axis Scanner (June 14)

 

10. Support articles and useful information


 

More to come


Next month we will deliver another support newsletter with information relevant to IBM Security QRadar. In the future we plan to address questions, provide more articles and support tips, and also cover new and existing features in support videos. If you have suggestions, please visit our IBM Customer Forum for QRadar and let us know.

Document Information

Modified date:
20 September 2018

UID

ibm10732085