Satisnet Ltd, Basepoint Innovation Centre, 110 Butterfield Great Marlings, Luton, Bedfordshire, LU2 8DL enquiry@satisnet.co.uk
+44 (0) 1582 434320

SOCAutomation IBM App

IBM’s inclusion of apps over the past few releases of QRadar has given new weight to the old saying of a ‘single pane of glass’ view. Being able to view core infrastructure tooling from the SIEM lets not only SOC analysts but also SIEM administrators see the data sent by these point solutions and then trace back to the source of those events.


QRadar Technical Blog: Connect QRadar to a phone using SMS messaging

Using a script from the Custom Action selection, QRadar can now send SMS messages to a mobile phone. The console must have direct Internet access for this feature to function properly.


QRadar User Behavioural Analytics App (UBA) version 2.2.0

With the development of the UBA App Extension, IBM is providing a very useful method of exposing a wide variety of user activities that may be fraudulent or malicious.


QRadar Use Case Series: Part 3: Data Exfiltration Attempt Through Online Storage

Welcome back to the IBM QRadar use case series. I am going to give ‘User Activity Monitoring’ a break for some time and focus this particular post on ‘File Activity Monitoring’. Although not that dissimilar, here we are identifying trends around directories and, in particular, files.


QRadar Technical Blog: HA and DR

People often question whether to use High Availability (HA) or Disaster Recovery (DR). In our view this is not really a valid question. The two techniques address different issues, and the choice of “HA or DR” should probably be redefined as “HA and DR”.


Enrich X-Force threat intelligence reports with additional 3rd party sources

The right-click X-Force feature in QRadar is limited to X-Force reports only. You can further enrich the information from X-Force Exchange by integrating 3rd party threat intelligence sources.


QRadar Technical Blog: To Flow Or Not To Flow

QRadar began life as a network product, converted to an event log management tool and is now returning to its roots with QRadar Network Insights (QNI).


QRadar Technical Blog: Using QRadar to check for WCry

After the events of the last few weeks you might wish to protect your network against a second invasion of the WannaCry malware. By all accounts the next instance may well be nastier than the first.


QRadar Technical Blog: Suggested Deployment

After the last blog regarding the use of data nodes, there has been a request for suggestions around how the deployment should look. First, we should say that there are many ways of deploying QRadar and, while there are certainly some wrong ways, there are many ‘right’ ways, each depending on the size of the network, number of devices, activity and other metrics.


QRadar Technical Blog: Why Add A Data Node To QRadar

This is a common question posed by QRadar users trying to understand some of the newer additions to the QRadar family.


QRadar Use Case Series: Part 3: Data Exfiltration Attempt Through Online Storage

Welcome back to the third instalment of this IBM QRadar use case series. I am going to give ‘User Activity Monitoring’ a break for some time and focus this particular post on ‘File Activity Monitoring’. Although not that dissimilar, here we are identifying trends around directories and, in particular, files.


QRadar - Managing Reference Data

One of our QRadar Security Engineers takes you through managing reference data prior to the release of QRadar 7.2.8.


QRadar Use Case Series: Part 1 - User Activity Monitoring - Employee Probation

In this series of use case scenarios using IBM QRadar SIEM, we will look at a set of key log sources which are required for a successful deployment. These log sources, although not glamorous, are embedded in all companies, forming the backbone of most organisations’ security posture.
