IBM Security QRadar


Changing the Way You Manage and Maintain Log Sources Within QRadar

By Sophia Sampath posted Tue June 11, 2019 07:56 PM

  

The Log Source Management App, available on IBM Security App Exchange, has redesigned the way you manage Log Sources in QRadar. This app enables you to easily create, manage and maintain Log Sources within QRadar. It offers a wide range of features, including bulk functionality, advanced searching, enhanced filtering and a workflow wizard that guides you through the process of configuration.

Below are a couple of key features that will without a doubt make working with Log Sources easier and smoother.

Adding Log Sources
Figure: Adding a log source

 

You can now add as many Log Sources as you want with our Multiple Log Sources feature. There is a workflow wizard that will guide you through configuring multiple Log Sources with handy tooltips for more detailed information. You’ll start off with selecting which Protocol Type you want to configure, then you can Configure Common Parameters that you want to set for all of the Log Sources. However, if you have Log Sources that you want to configure with different parameter values, there is an option to Configure Individual Parameters.

Figure: Adding multiple log sources


If you want to add a Log Source quickly, the Quick Log Source option comes in handy: it adds new log sources in a single screen rather than across multiple screens.

Figure: Quickly adding a log source


Filtering Log Sources

The Log Source Management App offers an easy and efficient filter panel to guide you through filtering your Log Sources to show only the ones that are of interest to you.

Figure: Filtering Log Sources

Faster Searching of Log Sources


Easily search through thousands of Log Sources by searching with Log Source Identifier, Log Source Name, and Log Source Description.

Figure: Searching Log Sources


Managing Log Source Columns

Unlike in the classic Log Source UI, you can now manage which columns you want to view in your Log Source window.

Figure: Managing Columns

 

Downloading Log Source Information

 

If you’re an analyst and need to provide the networking team in your organization with a list of Log Sources to tend to, or you need to export Log Sources and the accompanying data for further analysis, or you need to share Log Source information with your management, you can now export selected log sources and their data to a CSV file.

Figure: Download Log Source Information
 

Bulk Features

 

You can now create, view, edit and delete log sources in bulk. This is definitely a huge time saver for those who are managing thousands of Log Sources.

Figure: Bulk View Log Sources



Figure: Bulk Edit Log Sources

 

Figure: Bulk Delete Log Sources

 

Figure: Bulk View of Events

 

Figure: Log Source Activity Filtered events

 

In short, the Log Source Management App will save you time and energy with its easy and intuitive workflows, allowing you to manage log sources more effectively.

 

Additional References

IBM Knowledge Center Configuration Guide – QRadar Log Source Management App

Visit the IBM Security Learning Academy for a course on how to use this app.


