We installed the Analyst Workflow app, which provides an alternate interface to QRadar that focuses on the security analyst role.
It looks nice and seems to have some good functionality but we have questions.
My analyst tells me that CRE rule events do not show up there. Those are important for our event analysis and we would like to be able to see them. Is there a way to do that?
Also this only runs on the SIEM console. That is problematic, especially as we have dedicated 12 cores to our Apphost so that we wouldn't have to bog the console down with apps like this.
What's up with that, and is there a way to run this on the Apphost despite the install shell's dire warning (read the following in a deep, ringing, authoritative James Earl Jones type voice) to ONLY RUN THIS ON THE CONSOLE?
Thanks for any help you folks can give. I find myself impressed with the expertise that is often shown in this list.
Regards,
Daniel Sichel
Daniel Sichel, Security Engineer, CISSP #422810
Community Medical Centers
Compliance Office – Information Systems Security
1540 E. Shaw, Suite 101, Fresno, CA 93710
Phone: (559) 724-4265 ext. 24265 | Fax: 559-724-4271
Cell: (559) 230-9444
dsichel@communitymedical.org