The Log Source Management App, available on IBM Security App Exchange, has redesigned the way you manage Log Sources in QRadar. This app enables you to easily create, manage and maintain Log Sources within QRadar. It offers a wide range of features, including bulk functionality, advanced searching, enhanced filtering functionality and a workflow wizard to help guide you through the process of configuration.
Below are a couple of key features that will without a doubt make working with Log Sources easier and smoother.
Adding Log Sources
Adding a log source
You can now add as many Log Sources as you want with our Multiple Log Sources feature. A workflow wizard guides you through configuring multiple Log Sources, with handy tooltips for more detailed information. You start by selecting which Protocol Type you want to configure, then you can Configure Common Parameters that you want to set for all of the Log Sources. If you have Log Sources that you want to configure with different parameter values, there is also an option to Configure Individual Parameters.
Adding multiple log sources
To quickly add a Log Source, use the Quick Log Source option, which adds new log sources in a single screen rather than across multiple screens.
Quickly adding a log source
Filtering Log Sources
The Log Source Management App offers an easy and efficient filter panel to guide you through filtering your Log Sources to show only the ones that are of interest to you.
Filtering Log Sources
Faster Searching of Log Sources
Easily search through thousands of Log Sources by searching with Log Source Identifier, Log Source Name, and Log Source Description.
Searching Log Sources
Managing Log Source Columns
Unlike the classic Log Source UI, you can now manage which columns you want to view in your Log Source window.
Managing Columns
Downloading Log Source Information
If you’re an analyst and need to provide the networking team in your organization with a list of Log Sources to tend to, need to export Log Sources and the accompanying data for further analysis, or need to share Log Source information with your management, you can now export selected log sources and their data to a CSV file.
Download Log Source Information
Bulk Features
You can now create, view, edit and delete log sources in bulk. This is a huge time saver for those who are managing thousands of Log Sources.
Bulk View Log Sources
Bulk Edit Log Sources
Bulk Delete Log Sources
Bulk View of Events
Log Source Activity Filtered events
In short, the Log Source Management App will save you time and energy with its easy and intuitive workflows, allowing you to manage log sources more effectively.
Additional References
IBM Knowledge Center Configuration Guide – QRadar Log Source Management App
Visit the IBM Security Learning Academy for a course on how to use this app.