IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

View Only

Back to discussions

Expand all | Collapse all

Multi Tenant property with Different Storage Folder

1. Multi Tenant property with Different Storage Folder

Like
Halil BALIM
Posted Thu December 26, 2019 02:02 AM

Reply
Hi,

I am thinking to apply multi-tenancy on QRadar for differentiate a company's logs.

Is there a configuration of taking the back-ups of this log source/tenant/domain to the another folder rather than default back-up folder?

I am looking forward for your help and comments

------------------------------
Halil B.
------------------------------
2. RE: Multi Tenant property with Different Storage Folder

Like
Dusan VIDOVIC
Posted Mon December 30, 2019 05:26 AM

Reply
In such cases I would advise to use separate event or combined event/flow processor instances per tenant. This way you could e.g. mount different network shares for each event processor to be used for their backup.

------------------------------
Dusan VIDOVIC
------------------------------

Original Message
3. RE: Multi Tenant property with Different Storage Folder

Like
Damian Zinni
Posted Tue December 31, 2019 12:32 AM

Reply
Hi @Halil BALIM,

While QRadar keeps data in separate directories as per https://www.ibm.com/support/pages/qradar-tenant-data-event-retention-or-flow-retention-faq ...

Events: /store/ariel/events/records/aux/tenantID#/Year/Month/Day/Hour/Minute

Flows: /store/ariel/flows/records/aux/tenandID#/Year/Month/Day/Hour/Minute

The data backup currently includes all tenants' data. I opened a request for enhancement (RFE) late 2018 to have one backup per tenant, but it was declined. The RFE was ID: 126298 - QRadar 7.3.1 Event & Flow data backup for multiple tenants.

IBM QRadar RFEs: https://www.ibm.com/support/pages/qradar-request-enhancements-rfe-and-how-use-them

------------------------------
Cheers,
Damian Zinni
------------------------------

Original Message

IBM QRadar

Multi Tenant property with Different Storage Folder

Halil BALIMThu December 26, 2019 02:02 AM

Dusan VIDOVICMon December 30, 2019 05:26 AM

Damian ZinniTue December 31, 2019 12:32 AM

1. Multi Tenant property with Different Storage Folder

2. RE: Multi Tenant property with Different Storage Folder

3. RE: Multi Tenant property with Different Storage Folder

Additional
Resources

Office

Quick Links

IBM QRadar

Multi Tenant property with Different Storage Folder

Halil BALIMThu December 26, 2019 02:02 AM

Dusan VIDOVICMon December 30, 2019 05:26 AM

Damian ZinniTue December 31, 2019 12:32 AM

1. Multi Tenant property with Different Storage Folder

2. RE: Multi Tenant property with Different Storage Folder

3. RE: Multi Tenant property with Different Storage Folder

Related Content

Qradar issue Reference set / Tenant

QRadar Multi-Tenancy, Domains & Tenants in QRadar

Qradar UBA , domain aware / multi-tenant

QRadar Domains and Tenants Webcast Replay

Creating a new DB on QRadar PSQL

Additional Resources

Office

Quick Links

Additional
Resources