Posts

Generate Demo Log Events for QRadar CE 7.3.1

In my previous blog, we installed QRadar Community Edition (QCE) 7.3.1 on a CentOS 7.5 server step by step, but there are no logs, flows or offenses yet. As a next step, we need to bring log events into QRadar in order to:

1) Understand how it works
2) Demonstrate security scenarios and how QRadar works
3) Test custom/pre-built rules

In this blog, we’ll generate some logs. To do so we need two items:

1) The logrun.pl tool to generate the events
2) Sample log files

Jose Bravo is an IBM expert in QRadar SIEM. He has shared lots of great videos on his YouTube channel https://www.youtube.com/user/jbravovideos . We’ll use some of his resources from here: https://ibm.ent.box.com/s/ich0yyiw54y0ek6s9a66xvtjku8e42rc .

Download the demo.zip file and copy it to the “/store” folder on the QRadar machine using FileZilla. Then connect to the QRadar server and unzip the demo.zip file.

Steps to setup QRadar CE 7.3.1 on CentOS 7.5 Server

Overview

QRadar Community Edition (QCE) is a free version of QRadar that is based off of our core enterprise SIEM. This version is limited to 50 events per second and 5,000 network flows a minute, supports apps, but is based on a smaller footprint for non-enterprise use. Users, students, security professionals, and app developers are encouraged to download QRadar Community Edition to learn and become familiar with QRadar.

New features are now provided to QCE 7.3.1 users, such as reduced downtime with a new Event Collection (ingress) service, updated user interface, IPv6 improvements, password policy updates, new API endpoints, and more. QCE enables IBM Security X-Force® Threat Intelligence IP reputation data for users. The Microsoft Windows Security Event Log (DSM) is now installed by default.

To install QCE 7.3.1, here are the minimum system requirements:

CentOS/Red Hat 7.5 operating system
Memory: 6 GB. You need 8 GB if you are using X-Force tests or Ariel quer