






IBM Security QRadar Community,



Thank you for taking the time to review the QRadar Support Newsletter. The purpose of this newsletter is to provide a summary of activity related to QRadar, support information, news, "how-to" articles, and tips for IBM Security QRadar SIEM and other associated QRadar products directly to QRadar users and administrators. Our goal is to provide knowledge and solutions to help security specialists complete their day-to-day activities.







1. QRadar software release information

Recent QRadar software releases and important information for administrators. For a list of all QRadar software versions and release notes, see: http://ibm.biz/qradarsoftware

QRadar Software for 7.2.x

- QRadar 7.2.8 Patch 11 (January 4)



QRadar Software for 7.3.x

- QRadar 7.3.0 Patch 7 (Dec 13)

- QRadar 7.3.1 (Dec 18)

- QRadar 7.3.1 Patch 1** (Jan 26)



**NOTE: QRadar 7.3.1 Patch 1 resolves an issue for Lenovo M5 x3550 or M5 x3650 appliances where the appliances might randomly reboot due to a Red Hat Kernel defect. This release resolves the APAR on this issue and the associated flash notice was updated. For more information, see: QRadar 7.3.1 issue on Lenovo x3550 M5 and x3650 M5 appliances (Software available).

2. QRadar Open Mic Events Coming Soon

The next two QRadar Open Mic events are announced for February and March. For those who have not attended previously, QRadar Open Mic webcasts consist of a round table of QRadar experts who discuss a topic and take chat questions from the audience. QRadar Open Mic sessions are open to all participants who want to attend and learn more about QRadar. Users who subscribe to the newsletter list will receive an email invitation and a reminder email the day before the event.

February 27th, 2018

QRadar Support will host a session in February on 'QRadar Cloud Architecture and Event Integrations'. This session will discuss cloud architecture and some of the challenges administrators face when integrating event sources from cloud environments. This panel is hosted by QRadar Support, QRadar Architecture, QRadar Integrations, and the QRadar Client Technical Professional team.



In March

The QRadar Support Open Mic session will be hosted live from Think in Las Vegas. The topic will be 'Taking Advantage of new QRadar 7.3.1 Features'. This panel consists of members from QRadar Support and QRadar Architecture teams. For more information about IBM Think, see: https://www.ibm.com/events/think/



3. Windows Protocols and SMBv2 Support

IBM has released QRadar protocol RPMs that support both SMBv1 and SMBv2 to resolve the connection issues related to Microsoft disabling SMBv1 connectivity. This update enhances the existing SMB protocols for QRadar to allow connections using the SMBv2 file sharing protocol. To enable SMBv2, all five protocol RPMs must be installed in a single command. These protocol updates are not available through QRadar Auto Updates and must be installed manually. For installation instructions and a link to IBM Fix Central, see: QRadar: Microsoft Windows Log Sources and Support for SMBv1 and SMBv2 (Updated)

4. QRadar 7.3.1 Documentation PDFs

The release of QRadar 7.3.1 moved the default documentation PDFs to the QRadar Knowledge Center. Administrators who have updated to QRadar 7.3.1 can bookmark the following links:

5. QRadar User Groups

IBM is hosting several QRadar User Groups in the first quarter of 2018. The following cities have events coming soon:

User Group #1

- Location: Omaha, Nebraska

- Date: February 21, 2018

- Registration: https://www.ibm.com/events/wwe/grp/grp304.nsf/Registration.xsp?openform&seminar=F23S3KES

User Group #2

- Location: Scottsdale, Arizona

- Date: February 26, 2018

- Registration: https://www.ibm.com/events/wwe/grp/grp304.nsf/Registration.xsp?openform&seminar=EQ6PW7ES

User Group #3

- Location: Ottawa, Canada

- Date: February 26, 2018

- Registration: https://www.ibm.com/events/wwe/grp/grp304.nsf/Registration.xsp?openform&seminar=B3FRMXES

User Group #4

- Location: Calgary, Canada

- Date: March 1, 2018

- Registration: https://www.ibm.com/events/wwe/grp/grp304.nsf/Registration.xsp?openform&seminar=ABZNWJES

User Group #5

- Location: Washington, D.C.

- Date: March 13, 2018

- Registration: https://www.ibm.com/events/wwe/grp/grp304.nsf/Registration.xsp?openform&seminar=96FM6YES

6. QRadar Master Console v0.12.0

A new version of the QRadar Master Console software, v0.12.0, is available on IBM Fix Central. It adds the ability to monitor QRadar 7.3.0 / 7.3.1 deployments and introduces extension management. The new extension functionality allows Master Console administrators to take an extension from the IBM App Exchange, upload the zip file, then deploy the app or extension to one or more QRadar Consoles. The Extensions view shows each Console where the app/extension is deployed, to make management of extensions easier. For more information, see the Master Console documentation.

7. New X-Force & QRadar Functionality: Am I Affected?

The X-Force Exchange 'Am I Affected' option helps users quickly determine whether they are affected by zero-day attacks, such as Petya or WannaCry. The architecture cross-references QRadar log activities to determine if events and flows are related to any IOCs that are captured within an XFE public or private Collection. Users can assess the impact via graphical and tabular reporting, with quick pivoting back to QRadar. This service is entirely browser-based, so it does not cache QRadar data or send QRadar data to the X-Force Exchange server, and no QRadar data is stored on X-Force Exchange. To enable this integration, QRadar administrators must provide the Console IP Address and an authentication token into the X-Force Exchange using. The 'Am I Affected' button is free to all QRadar users.





8. QRadar Pulse v2.0 Early Access

A new version of the QRadar Pulse app is available on the IBM App Exchange for administrators on QRadar 7.3.1. The new QRadar Pulse v2.0 application adds new unique dashboards that can be fine-tuned and customized to display in a multi-screen SOC environment. QRadar Pulse v2.0 requires QRadar v7.3.1 to install. For more information, see QRadar Pulse v2.0 on the X-Force App Exchange.

9. User Behavior Analytics v2.5

Administrators should be aware that User Behavior Analytics version 2.5 is now available on the X-Force App Exchange. This release includes two new features:

- Quickly investigate a user's anomalous behavior with an inline event viewer to review the events that triggered specific UBA rules and use cases.

- A new in-application 'Help and Support' page provides useful links, tutorials, and support functions.

10. IBM BigFix App for QRadar v2.0

A new BigFix App for QRadar v2.0 is available for administrators. This application includes a number of new features and several enhancements.

New: Configuration compliance status

New: On demand malware classification of crypto-hashes through the IBM X-Force Exchange

New: Trending for Patch, Vulnerability and Compliance status with a selectable time interval

New: BigFix data refresh on demand

Enhancement: App configuration and serviceability improvements (features visibility, build number and more)

Enhancement: Improved performance (8x - 25x in a reference lab environment)

Enhancement: Support for up to 100k endpoints





11. What's new on the IBM Security App Exchange

12. Device and integration updates

DSMs

Protocols

13. Support articles and useful information

We are on Twitter

More to come