Basic steps for deploying QRadar SIEM

Taking the time to complete these steps will ensure a smooth deployment and get the maximum value from your new QRadar SIEM appliances.

Here are some tips to review so that you can deploy a QRadar SIEM appliance in your environment as quickly and easily as possible.

  1. Use the KISS principle (Keep It Simple Silly)
  2. Review your network design – you have to know and understand your network before you can protect it. It is best to have a current diagram of your network.
  3. Gather a complete list of your business assets (servers, network devices, applications, personnel, etc.). There should be a detailed list of the IP addresses and names of those assets, with their function within your business environment.
  4. If you have multiple sites, have them listed by name, location and subnets.
  5. Confirm that you have access to all equipment that will be sending log events or network traffic (QFlow and NetFlow). In larger organizations, you may need to arrange times to meet with the device owners to have the devices configured to send the required data.

Now you have the necessary information to start the deployment phase of your QRadar SIEM appliance.

A Sobering Day for All CEOs

Sadly, the CEO presiding over Target during the recent data breach resigned today. See the USA Today article.

This series of unfortunate events for Target raises a key question relating to the risks every company CEO faces today. Did Target leadership ask the right questions about overall IT security and the risk every company faces?

Protecting a company from cyber bad guys is a never-ending battle. It's a game of leapfrog with some serious consequences if you get behind. With all the opportunity for full-time, professionally paid, government-backed hackers to spend all day every day figuring out new ways to wreck a company, the priority for combating this enemy needs to be pretty high on the list for every CIO and CEO. But it's not just about spending all the money you can afford to spend. It's about understanding where to spend the money on the right technology.

How do leaders responsible for protecting a company sort out all the noise from the real threats? This has become a constant exercise in analyzing risk and applying financial priorities accordingly.

As fast as the bad guys are coming up with new ways to exploit a target, new innovative minds are working to counter their moves. Many of these great technologies are being folded into a portfolio of products and solutions that can be layered across an enterprise to protect it and prevent the latest threats from creating the worst kind of headlines.

IBM has been on a major buying spree for the last several years, snapping up some of the best and brightest technologies and resources across the globe. They are quickly assembling an array of tools that are being shaped into the world's best security risk analysis platform. By leveraging this risk-based assessment direction, IT leaders can depend on technologies that not only provide the intelligence about where to address risk, but are probably the best that money can buy.

IBM is currently the third largest security company in the world, with the goal of being the largest and the best. As a Premier IBM Business Partner, we see this investment first hand. See Computerworld's perspective.

PathMaker Group serves our customers by planning, implementing, and managing these security solutions across the enterprise. IT security is a rapidly changing, complex business, and our partnership with IBM helps us keep our customers one step ahead of the bad guys.

How to Edit Existing Reports in IBM QRadar SIEM

QRadar comes with several hundred reports built in by default. Many of the built-in reports will work as expected the first time they are run. Others may produce output that needs to be adjusted slightly to filter out unnecessary data, so administrators may need to tune these reports to fit their specific environment. For example, you may run a report on user logins to a server with compliance requirements and find that the report includes the valid data of interest alongside several known service accounts that should be excluded. The report will then need to be adjusted to remove the service accounts so that only the valid data is output.

QRadar uses saved search output as the basis for creating report charts and tables. When configuring a new report, the administrator uses the report configuration menu to select previously saved searches to include as a chart or table in the report. When updating an existing report, the search it already uses should be used as the template: opening that existing search makes the update faster and ensures predictable results.
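The service-account exclusion from the login example above, written as an AQL advanced search of the kind the Log Activity tab accepts and that can then be saved as the search a report chart is built on. This is an added example, not code from the original post; the log source name, server and service-account names are placeholders, and the category name and AQL functions are assumed from QRadar's documented AQL rather than taken from this page.

```sql
SELECT
    username,
    sourceip,
    COUNT(*) AS login_count,
    MAX(starttime) AS last_login
FROM events
WHERE LOGSOURCENAME(logsourceid) = 'COMPLIANCE-SERVER-01'
  AND CATEGORYNAME(category) = 'User Login Success'
  AND username NOT IN ('svc_backup', 'svc_monitoring', 'svc_patching')
GROUP BY username, sourceip
ORDER BY login_count DESC
LAST 7 DAYS
```

Once the result set looks right, save the search and select it in the report's chart configuration; the NOT IN list then becomes the single place to maintain the exclusions, and a new service account appearing in the output is a cue to review it rather than silently widen the list.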