We are using IBM Qradar SIEM version 7.5.0 UP2 that is behind multiple defensive layers of security controls. Recently a company KPMG Audit Firm performing our internal audit and raise an objection that our organization needs to perform VAPT of IBM Qradar SIEM using relevant offensive security tools. It was not our practice to install any third party software or scan through any offensive security tools on Qradar SIEM as mentioned in IBM Security article that do not install third party software on SIEM. (Article attached for reference)
Kindly provide comments/remarks on this case because if we performs offensive scanning of Qradar SIEM, it might got impacted or our monitoring also got impacted through it. Because Qradar SIEM itself defensive/detective control. Kindly provide verdict of IBM that is it allowed to install 3rd party software on SIEM or scan/push vulnerable payloads to SIEM to check penetration testing or not?
------------------------------
Danish Ahsan | Manager Cyber Security Operations Center
Manager SOC | Pakistan Stock Exchange
Karachi | Sindh
+92-337-3173873
------------------------------