What’s new in QRadar 7.3.2

By Sophia McCarthy posted Thu February 14, 2019 05:04 PM


Over the past year, we've come together to deliver yet another outstanding version of QRadar with amazing new features ranging from UI facelifts to platform updates.

Here’s a couple great features you can get now in 7.3.2:


Introducing App Host (Formerly QRadar App Node)


You can now store and manage your applications with the new App Host! This means, you no longer have to upgrade the App Node separately from your managed hosts as QRadar is now managing it for you. All applications are now offloaded to a new host, relieving the console from the processing load.


Data Obfuscation for Multi-Tenant Environments


QRadar’s data obfuscation capabilities allow administrators to strategically restrict and restrict visibility to this type of PII data within their environments. Data Obfuscation can now be configured on a per-tenant or domain basis.


Security Assertion Markup Language (SAML) 2.0


Enterprise Single Sign On, Two/Multi Factor Authentication... all solutions our customers look to in an effort to secure and manage authentication to infrastructure within their enterprises.  QRadar 7.3.2 introduces support for SAML 2.0 which will allow our customers to choose best of breed technologies for identity management and apply those same technologies to govern authentication and authorization within the QRadar platform.



Visualize Rule Performance


Previously, users had no easy way in the UI to view the relative performance of their rules, and could not easily identify rules that have performance issues.

Now, you can easily determine the efficiency of rules in the QRadar pipeline, directly from the Rules page! We now have the ability to sort rules by their performance metrics, you can adjust the tests to optimize the rule, and reduce the rules load on the system. This allows for us to easily identify expensive rules.


Enhanced AQL Saved Searches


This will allow users who are learning AQL to gain a better grasp over the function, or allow seasoned users to quickly convert basic searches and leverage more advanced features without rewriting the search from scratch.


Conveniently access the Admin tab


It’s back! The Admin tab can now be marked as a favorite and can be conveniently accessed from QRadar as a menu tab.


LEEF AND CEF Streaming Support


Continuing our push to simplify data ingestion, we have updated the process of getting LEEF and CEF data into QRadar and make this functionality fully searchable. In fact, we have pretty much trimmed the whole process down to two steps:


  1. Tell QRadar that you would like to auto-discover the properties for this feed.
  2. Get the data in… syslog, flat files, you name it… just get the data into QRadar


Step 1 is as easy as changing an existing DSM that supports CEF or LEEF, via the DSM Editor. 

Step 2 is as simple as configuring a log source within QRadar and get the data flowing. Within seconds, QRadar will evaluate the incoming data feed and produce custom properties for each field within the event data.


With one extra step, users can quickly update the DSM parsing as well by simply copying the auto discovered property definition. No need for REGEX.


You can check out more of our new QRadar 7.3.2 features here!

Release of the QRadar 7.3.2 SFS ( here!