IBM Security QRadar


QRadar SIEM On-Prem 7.5.0 UP9 Release: Enhancing Efficiency and Performance

By Shivam Sharma posted 15 days ago


We're excited to announce the latest update for IBM QRadar SIEM On-Prem, the 7.5.0 Update Package 9 (UP9), which brings a host of new features, enhancements, and performance improvements to boost the operational efficiency and functionality of your security operations.

The QRadar 7.5.0 UP9 release focuses on enhancing the user experience with a sleek new interface, introducing advanced data handling capabilities, and significantly improving system performance. Here’s a detailed look at what’s new:

A Fresh Look: Dark Theme Interface!

One of the most exciting changes in this update is the introduction of the sleek new dark theme for the IBM QRadar user interface (see Figure 1). This visual update is achieved through CSS changes, ensuring a seamless transition to the modern dark mode. Designed to reduce eye strain and enhance visibility in low-light environments, this update provides a more comfortable and efficient user experience for security analysts who spend long hours monitoring and analysing data.

While the light mode option is no longer available, this change solely affects the appearance and does not impact any of the product's functionalities. The robust capabilities you rely on remain unchanged, now presented in a contemporary dark mode.

In future releases, the light theme will undergo a refresh and will be made available to better accommodate users who prefer a lighter interface. This update will enhance the overall user experience by providing a more visually appealing light mode. We are committed to making the interface more versatile and user-friendly for everyone.

We highly value your feedback on the new dark theme UI! Please share your thoughts and suggestions here.

Figure 1: QRadar Dashboard Showcasing the New Dark Mode Interface

Introducing the CIDR Data Type for Reference Data

The 7.5.0 UP9 update introduces a highly anticipated feature: support for CIDR (Classless Inter-Domain Routing) in reference sets. This enhancement significantly bolsters our IP range detection capabilities, allowing for more efficient and precise identification of potentially malicious IP ranges. Covering both IPv4 and IPv6 addresses, the CIDR support in reference sets provides a robust framework for security analysts to manage and monitor network traffic more effectively. 

With CIDR, QRadar can quickly parse and evaluate large datasets of IP addresses, identifying threats within specific IP ranges without the need for individual IP entries. This capability streamlines threat detection processes, enabling faster and more accurate responses to potential security incidents. The ability to define and use CIDR ranges in reference sets means that analysts can better manage and analyse IP data, focusing their efforts on high-risk areas and improving the overall security posture of their organisations. By leveraging CIDR in reference sets, security teams can achieve faster detection and response times, reduce the risk of false positives, and maintain a proactive approach to network security. This update is a crucial step forward in ensuring that QRadar continues to deliver top-tier performance and reliability in threat detection and management.

For more information, see Command reference for reference data utilities.
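To make the matching semantics concrete, the following is an added example and not QRadar's own reference-set implementation or its reference data utilities. It models what a CIDR reference set lets a rule do: test an event's source address against a list of IPv4 and IPv6 ranges rather than against individually listed addresses. The range list, the event addresses and the function names are constructed for illustration; the example goes a little beyond the text by normalising entries with host bits set, rejecting malformed entries at load time, and preferring the most specific range when entries overlap.

```python
"""CIDR reference-set style matching over IPv4 and IPv6 (added example, not QRadar code)."""
import ipaddress
from typing import Dict, List, Optional, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample reference set, written the way an analyst might enter it:
# plain CIDRs, a bare host address, an entry with host bits set, and overlaps.
WATCHED_RANGES = [
    "203.0.113.0/24",      # documentation range (TEST-NET-3)
    "198.51.100.128/25",
    "198.51.100.0/24",     # overlaps the /25 above; the longest prefix should win
    "2001:db8:1::/48",     # IPv6 documentation prefix
    "192.0.2.77",          # bare address, treated as a /32
    "10.8.0.1/16",         # host bits set, normalised to 10.8.0.0/16
]

# Constructed sample events: one source address per event.
SAMPLE_EVENTS = ["203.0.113.9", "198.51.100.200", "198.51.100.5",
                 "2001:db8:1:abcd::1", "2001:db8:2::1", "192.0.2.77",
                 "10.8.200.4", "not-an-ip"]


def load_cidr_set(entries: List[str]) -> List[Network]:
    """Parse reference-set entries into network objects.

    A malformed entry raises ValueError at load time instead of being silently
    dropped, so a typo in the set cannot quietly shrink the watched ranges.
    """
    networks: List[Network] = []
    for entry in entries:
        try:
            # strict=False accepts host bits and masks them off (10.8.0.1/16 -> 10.8.0.0/16)
            networks.append(ipaddress.ip_network(entry.strip(), strict=False))
        except ValueError as exc:
            raise ValueError(f"invalid CIDR entry {entry!r}: {exc}") from exc
    # Longest prefix first, so the first hit is the most specific range.
    networks.sort(key=lambda net: net.prefixlen, reverse=True)
    return networks


def match_cidr_set(ip: str, networks: List[Network]) -> Optional[Network]:
    """Return the most specific network containing ip, or None if no range matches."""
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError:
        # An unparsable field is simply "no match"; the rule path must not raise.
        return None
    for net in networks:
        # Membership is False across address families, so v4 and v6 entries mix safely.
        if addr in net:
            return net
    return None


def tag_events(events: List[str], networks: List[Network]) -> Dict[str, Optional[str]]:
    """Map each event source address to the matched range (as text) or None."""
    tagged: Dict[str, Optional[str]] = {}
    for ip in events:
        hit = match_cidr_set(ip, networks)
        tagged[ip] = str(hit) if hit is not None else None
    return tagged


if __name__ == "__main__":
    nets = load_cidr_set(WATCHED_RANGES)
    for ip, hit in tag_events(SAMPLE_EVENTS, nets).items():
        print(f"{ip:>22}  ->  {hit or 'no match'}")
```

Sorting by prefix length is what makes the overlapping `198.51.100.0/24` and `198.51.100.128/25` entries resolve predictably; without it the answer would depend on entry order in the set.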

Console Only Disaster Recovery

Introducing Console Only Disaster Recovery (Console Only DR), a game-changer for administrators tasked with Disaster Recovery planning. By deploying the console at the DR site, this innovative approach slashes infrastructure costs and simplifies operations through a streamlined UI interface on the DS App.

Console Only DR eliminates the need for failover for each Managed Host (MH), reducing technical complexity and costs associated with traditional disaster recovery setups. It minimizes the risk of errors inherent in manual console commands, ensuring all operations are executed seamlessly through an intuitive, user-friendly interface.

This solution not only meets stringent compliance requirements but also drastically cuts down on maintenance efforts and costs at the disaster recovery site. Customers benefit from a straightforward installation and upgrade process facilitated through the IBM Security App Exchange, making Console Only DR a reliable choice for efficient and cost-effective disaster recovery strategies.

QRadar Offline Forwarding Enhancements

Significant improvements have been made to the Offline Forwarder's performance. By optimizing access patterns, introducing robust caching structures, and enhancing overall functionality, the Offline Forwarder can now sustain data transmission speeds that keep pace with the rate at which events are received from diverse data sources.

This enhancement marks a substantial leap forward, particularly benefiting larger customers with intensive forwarding needs, who can now experience up to a 10X increase in forwarding performance. This ensures the Offline Forwarder remains reliable and performs exceptionally well even during peak events per second (EPS) loads, meeting and exceeding expectations for data handling efficiency in demanding environments.

Enhanced Monitoring with RegexMonitor

RegexMonitor has been significantly enhanced with the addition of a new optional Monitor-only mode. This innovative feature allows users to receive notifications about expensive artifacts detected during parsing without automatically disabling them. By implementing this mode, administrators can maintain greater control over their monitoring activities, ensuring that they are well-informed about potential performance issues without immediate disruption to the system.

The Monitor-only mode empowers security teams to take a more strategic approach to managing parsing activities. Instead of automatically disabling expensive artefacts—which could potentially disrupt important data flows—administrators are alerted to these issues and can then analyse the situation to determine the best course of action. This proactive approach allows for better decision-making and prioritisation of resources, ensuring that the system remains both efficient and effective.
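The following is an added example that illustrates the policy difference the two paragraphs above describe; it is not QRadar's RegexMonitor and makes no claim about how that component is implemented. The pattern names, the sample log lines, the cost budget and the "monitor-only" versus "enforce" switch are all assumptions. In monitor-only mode a pattern that exceeds its budget is only reported; in enforce mode it is also taken out of service. The cost function is injectable so the decision logic can be exercised without depending on wall-clock timing.

```python
"""Toy parse-cost monitor with a monitor-only mode (added example, not QRadar code)."""
import re
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set


@dataclass
class Finding:
    name: str       # which pattern exceeded its budget
    cost_ms: float  # measured cost for the sample batch
    action: str     # "alerted" (monitor-only) or "disabled" (enforce)


@dataclass
class MonitorState:
    disabled: Set[str] = field(default_factory=set)
    findings: List[Finding] = field(default_factory=list)


# Constructed sample log lines, standing in for a batch of incoming events.
SAMPLE_LINES = [
    "ts=2024-06-01T10:00:00Z src=203.0.113.9 user=alice action=login result=ok",
    "ts=2024-06-01T10:00:02Z src=198.51.100.200 user=bob action=login result=fail",
    "ts=2024-06-01T10:00:05Z src=192.0.2.77 user=carol action=logout result=ok",
]

# Constructed extraction patterns, keyed by an assumed property name.
PATTERNS = {
    "src_ip": r"src=(\d{1,3}(?:\.\d{1,3}){3})",
    "user":   r"user=(\w+)",
    "result": r"result=(\w+)",
}


def measure_cost_ms(pattern: str, samples: List[str]) -> float:
    """Wall-clock cost of applying one pattern to every sample line."""
    rx = re.compile(pattern)
    start = time.perf_counter()
    for line in samples:
        rx.search(line)
    return (time.perf_counter() - start) * 1000.0


def run_monitor(patterns: Dict[str, str], samples: List[str], budget_ms: float,
                monitor_only: bool,
                cost_fn: Callable[[str, List[str]], float] = measure_cost_ms) -> MonitorState:
    """Check every pattern against a cost budget and apply the configured policy.

    monitor_only=True  -> over-budget patterns are reported but stay enabled.
    monitor_only=False -> over-budget patterns are reported and disabled.
    """
    state = MonitorState()
    for name, pattern in patterns.items():
        cost = cost_fn(pattern, samples)
        if cost <= budget_ms:
            continue
        if monitor_only:
            state.findings.append(Finding(name, cost, "alerted"))
        else:
            state.disabled.add(name)
            state.findings.append(Finding(name, cost, "disabled"))
    return state


def active_patterns(patterns: Dict[str, str], state: MonitorState) -> Dict[str, str]:
    """Patterns that remain in service after the monitor has run."""
    return {n: p for n, p in patterns.items() if n not in state.disabled}


if __name__ == "__main__":
    # Assumed budget; real deployments tune this to their event rate.
    state = run_monitor(PATTERNS, SAMPLE_LINES, budget_ms=5.0, monitor_only=True)
    for f in state.findings:
        print(f"{f.name}: {f.cost_ms:.2f} ms over budget -> {f.action}")
    print("still active:", sorted(active_patterns(PATTERNS, state)))
```

The practical difference is visible in `active_patterns`: under monitor-only the analyst sees the alert and keeps every property flowing while they decide whether to rewrite the expression; under enforce the expensive property is dropped on the spot.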

Significant Performance Enhancements

Performance is a key focus in this update, with several significant enhancements:

  • Improved Search Performance: Search operations on Data Nodes can now be up to twice as fast in certain scenarios, providing quicker access to critical data.
  • Faster Quick Filter Index Generation: The generation of Quick Filter indexes on Data Nodes is now faster, supporting timely indexing of larger data volumes and improving overall system efficiency.
  • Enhanced JSON Encoded Offline Forwarding Speed: The speed of JSON encoded offline forwarding has been increased by up to 80 times, depending on the size of forwarded events and the custom properties used. This improvement ensures more efficient data handling and quicker processing times.

How to Get the Update?

The QRadar 7.5.0 UP9 update is available for download from IBM Support Fix Central. We encourage all users to upgrade now to experience these enhancements and streamline your security operations with IBM QRadar SIEM On-Prem 7.5.0 UP9. Follow this guide for a step-by-step upgrade procedure.

Stay tuned for more updates and enhancements in future releases. Thank you for choosing IBM QRadar.
