IBM Security QRadar


IBM QRadar Health Checks

  • 1.  IBM QRadar Health Checks

    Posted Tue January 19, 2021 03:32 PM
    Hi everyone,

    I'm curious how to set up some health checks from the new update in QRadar 7.4; I don't seem to be able to find any docs or ways to set it up.

    ------------------------------
    d d
    ------------------------------


  • 2.  RE: IBM QRadar Health Checks

    Posted Wed January 20, 2021 04:45 AM
    Hi,

    Kindly find the attached QRadar health check document.
    I hope it helps you.


    ------------------------------
    Moustafa Salah
    ------------------------------


  • 3.  RE: IBM QRadar Health Checks

    Posted Wed January 20, 2021 06:44 AM
    Hi,

    It seems that you have misunderstood the question, but thank you anyway for sharing the document. I'm searching for a way to get automated notifications for system health checks, e.g. email etc. for an x,y,z user. For reference: https://www.ibm.com/support/knowledgecenter/SS42VS_7.4/com.ibm.qradar.doc/c_qradar_core_whatschanged_740.html

    ------------------------------
    d d
    ------------------------------



  • 4.  RE: IBM QRadar Health Checks

    Posted Wed January 20, 2021 08:33 AM
    Hello "D D",

    If the requirement is about the health of QRadar (as in non-Cyber health of the software components), there is no single centralised application nor automation that I am aware of (happy to be corrected).

    There are things like QDI and all the software elements provide both Health metrics and events on change of state (or error). But you will need to roll your own method to capture and then take action.

    If the above is not what is being asked for, explain the use case a bit more.

    Regards,

    ------------------------------
    Darren H.
    ------------------------------



  • 5.  RE: IBM QRadar Health Checks

    Posted Thu January 21, 2021 02:15 AM
    Hi d d,

    Have a look at the QLean app, it might be useful for you.
    IBM AppEx: https://exchange.xforce.ibmcloud.com/hub/extension/7b76f487c8e370a3749d9264cd5998d9
    App's site: https://qlean.io

    ------------------------------
    Dmitry Berezovik
    ------------------------------



  • 6.  RE: IBM QRadar Health Checks

    Posted Thu January 21, 2021 04:28 AM
    Thanks Dmitry - good spot ... Note that it is a paid app and needs a demo license (according to the developer website).

    There's also a 2019 YT video and slides from the IBM Support Team here:

    Maintaining QRadar 101 Open Mic Replay (25 April 2019) - YouTube

    Regards,

    ------------------------------
    Darren H.
    ------------------------------



  • 7.  RE: IBM QRadar Health Checks

    Posted Thu January 21, 2021 05:35 PM
    Hi,

    I recommend QLEAN for advanced QRadar health assessment.

    It is published on IBM AppEx: https://exchange.xforce.ibmcloud.com/hub/extension/7b76f487c8e370a3749d9264cd5998d9 

    The most recent version is always available here: www.qlean.io 

    Nastassia

    ------------------------------
    Nastassia Pryhunova
    ------------------------------



  • 8.  RE: IBM QRadar Health Checks

    Posted Thu January 21, 2021 05:35 PM

    Hi "D D",

    I recommend you try QLEAN for advanced QRadar health assessment.

    It is available on IBM AppEx: https://exchange.xforce.ibmcloud.com/hub/extension/7b76f487c8e370a3749d9264cd5998d9

    This app will provide you with 50+ performance and behavioral metrics (Data Quality, Offense Analysis, Rules Performance, SOC KPIs etc) and help you get a detailed snapshot of your system state.

    Regards,
    Nastassia



    ------------------------------
    Nastassia Pryhunova
    ------------------------------



  • 9.  RE: IBM QRadar Health Checks

    Posted Thu January 21, 2021 05:34 PM
    Hello dd,

    I mainly use cliniq, recon, defect-inspector and ha_diagnosis for a general health check. You can find them with the description at this link: https://www.ibm.com/community/qradar/home/tools/

    With a crontab I launch them weekly and I send the results via email.


    ------------------------------
    Matteo De Bernardin
    ------------------------------



  • 10.  RE: IBM QRadar Health Checks

    Posted Thu January 21, 2021 05:36 PM
    Take a look at QLean in the App Exchange. I know the devs for the app - they actually do QRadar healthchecks all the time as a services engagement. They built this app to help them save time. It's better than QDI, and can really help you zero in on all sorts of issues.

    -ML

    ------------------------------
    Matthew Likes
    ------------------------------