Core Platform Updates

• Upgrade to RedHat 7.7
  • Necessary to continue receiving security updates from Red Hat Enterprise Linux.

• Easily parse multi-line event payloads in DSM Editor
  • In the DSM Editor, you can specify a custom delimiter that makes it easier for QRadar 7.4.1 to ingest multi-line events
    

• Parsing Status in the DSM Editor
  • In the Log Activity Preview of the DSM Editor, you can track the status of event properties. The Parsing Status column indicates whether your event properties are successfully parsing and mapping to a QID record.
    

• Event ID and Event Category fields copied to Event Mapping
  • You can select the unmapped Event ID and Event Category fields of your previewed events to copy them into the corresponding event mapping fields
    

• Use Case Manager app is installed OOTB

• Support for the flow ID field in NetFlow v9 flow records
  • Now supports the flowId field (IANA element 148) in NetFlow Version 9 data exports. In QRadar, the field appears in the Vendor Flow ID field on the Flow Details window.

• • The flow ID is used as part of the flow's unique identifier so that only flow records with the same flow ID value are aggregated together. Sessions with different flow IDs are kept separate and mapped to different Flow ID values.

• • You can use the flowId field in filters and searches to quickly identify all of the flow records in a particular session

• 40gbps Napatech network connectivity for QNI and Flow Collector appliances
  • Now supports the new Napatech NT200A02 (2 x 40 Gbps) SmartNIC
  • Note: Napatech has deprecated support for the NT20E SmartNIC