
IBM QRadar Version 7.3 Planning and Installation Guide

Book Description

Abstract

With the advance of technology and the recurrence of data leaks, cyber security is a bigger challenge than ever before. Cyber attacks evolve as quickly as the technology itself, and attackers keep finding new ways to bypass security controls, access confidential data, and interrupt services. They turn new technology features into tools against companies and individuals. Cyber security therefore cannot be purely reactive; it must go a step further and implement proactive security controls that protect one of the most important assets of every organization: the company's information.

This IBM® Redbooks® publication provides information about implementing IBM QRadar® for Security Information and Event Management (SIEM) and protecting an organization's networks through a technology that permits a proactive security posture. It is divided into the following major sections to facilitate the integration of QRadar with any network architecture:
Chapter 2, "Before the installation" on page 3 provides a review of important requirements before the installation of the product.

Chapter 3, "Installing IBM QRadar V7.3" on page 57 provides step-by-step procedures to guide you through the installation process.

Chapter 4, "After the installation" on page 77 helps you to configure additional features and perform checks after the product is installed.

QRadar is a flagship IBM Security product that is designed to integrate with corporate network devices and provide real-time monitoring of security events through a centralized console. Through this book, any network or security administrator can understand the product's features and benefits.

Table of Contents

  1. Front cover
  2. Notices
    1. Trademarks
  3. Preface
    1. Authors
    2. Now you can become a published author, too!
    3. Comments welcome
    4. Stay connected to IBM Redbooks
  4. Chapter 1. Introduction
    1. 1.1 Overview of SIEM
    2. 1.2 Why IBM QRadar for SIEM
  5. Chapter 2. Before the installation
    1. 2.1 Release notes, V7.3.0
    2. 2.2 QRadar capabilities
      1. 2.2.1 Log Activity
      2. 2.2.2 Network Activity
      3. 2.2.3 Assets
      4. 2.2.4 Offenses
      5. 2.2.5 Reports
      6. 2.2.6 Data collection
      7. 2.2.7 QRadar SIEM rules
    3. 2.3 QRadar architecture
      1. 2.3.1 Data collection
      2. 2.3.2 Data processing
      3. 2.3.3 Data searches
      4. 2.3.4 QRadar high availability
    4. 2.4 Components
      1. 2.4.1 QRadar console
      2. 2.4.2 QRadar event collector
      3. 2.4.3 QRadar event processor
      4. 2.4.4 QRadar QFlow collector
      5. 2.4.5 QRadar Flow Processor
      6. 2.4.6 QRadar Data Node
      7. 2.4.7 QRadar events and flows
      8. 2.4.8 Modules and others
    5. 2.5 Preferred practices
      1. 2.5.1 Regulations and compliance
      2. 2.5.2 QRadar features for regulations purposes
      3. 2.5.3 EPS calculation
      4. 2.5.4 Optimization
    6. 2.6 Requirements
      1. 2.6.1 Infrastructure
      2. 2.6.2 System requirements for virtual appliances
      3. 2.6.3 Memory and disk space requirements
      4. 2.6.4 Prerequisites for installing QRadar on your own hardware
  6. Chapter 3. Installing IBM QRadar V7.3
    1. 3.1 Installation process
    2. 3.2 Installing QRadar licenses
    3. 3.3 Setting up high availability
    4. 3.4 Installing apps
    5. 3.5 Installation order of managed hosts
    6. 3.6 Upgrading HA deployments
    7. 3.7 Following the correct upgrade path
  7. Chapter 4. After the installation
    1. 4.1 Event monitoring
    2. 4.2 Events Per Second
    3. 4.3 Features check
      1. 4.3.1 IBM Security QRadar Vulnerability Manager
      2. 4.3.2 The Health Check Framework for IBM Security QRadar SIEM
      3. 4.3.3 IBM QRadar Incident Forensics
      4. 4.3.4 IBM QRadar Network Insights
    4. 4.4 Upgrades and patching
      1. 4.4.1 Preparing for the upgrade
      2. 4.4.2 Upgrading QRadar appliances
      3. 4.4.3 Upgrading QRadar software installations
      4. 4.4.4 Installing Red Hat Enterprise Linux V7.3 and configuring partitions
      5. 4.4.5 Completing the QRadar installation
    5. 4.5 Health checks, monitoring tools
      1. 4.5.1 QRadar basic procedures
      2. 4.5.2 Investigating IP addresses
      3. 4.5.3 Investigate user names
  8. Related publications
    1. Other publications
    2. Help from IBM
  9. Back cover