IBM QRadar: Difference between revisions

(22 intermediate revisions by the same user not shown)
= References =
* [https://www.ibm.com/docs/pt-br/qsip/7.5?topic=deployment-qradar-architecture-overview QRadar architecture overview]
:: When planning or building your IBM QRadar deployment, it is important to have a good understanding of the QRadar architecture and its components.
* [https://www.ibm.com/docs/en/dsm?topic=configuration-qradar-supported-dsms QRadar supported DSMs] or [https://www.ibm.com/docs/en/SS42VS_DSM/pdf/b_dsm_guide.pdf PDF version]
:: IBM QRadar can collect events from your security products by using a plug-in file called a Device Support Module (DSM).
* [https://exchange.xforce.ibmcloud.com/hub?q=trend&br=QRadar IBM Security App Exchange - QRadar Applications in Exchange.Xforce]
:: Share apps, app extensions and enhancements for IBM Security products on the IBM Security App Exchange, for customers, developers and technology partners.
* [https://github.com/IBM/IBM-QRadar-Universal-Cloud-REST-API/tree/master/Community%20Developed DSM GitHub Community Developed]
* [https://www.ibm.com/support/pages/qradar-core-services-and-impact-restarting-services QRadar: Core services and the impact of restarting services]
* [https://www.ibm.com/support/pages/qradar-troubleshooting-rule-tests-log-activity-searches QRadar: Troubleshooting rule tests with log activity searches]
* [https://www.ibm.com/support/pages/qradar-troubleshooting-custom-rule-performance-findexpensivecustomrulessh QRadar: Troubleshooting Custom Rule performance with findExpensiveCustomRules.sh]
=== Key Terms ===

= Articles =

* [[IBM QRadar: Principais Comandos e Arquivos|Main Commands and Files]]
* [[IBM QRadar: Rules]]
* [[IBM QRadar: Ofensas|Offenses]]
* [[IBM QRadar: Ariel Query Language (AQL)]]
* [[IBM QRadar: Device Support Module (DSM)]]
* [[IBM QRadar: Use Case Manager app]]

== AQL Queries ==

* [[IBM QRadar: AQL Queries]]

== Configuration ==

* [https://www.ibm.com/support/pages/qradar-how-can-you-test-email-services-qradar Testing e-mail delivery from the CLI inside the appliance]
* [[IBM QRadar: Envio de Email|Sending e-mail]]
* [https://www.ibm.com/docs/en/qradar-on-cloud?topic=notifications-configuring-event-flow-custom-email Configuring custom event and flow e-mail notifications]
* [https://www.ibm.com/docs/en/qsip/7.5?topic=recovery-backup-qradar-configurations-data Backing up QRadar configurations and data]
* [[IBM QRadar: Backup de configurações e dados do QRadar|Backing up QRadar configurations and data]]
* [[IBM QRadar: Recreate a set of daily backup files containing only data from the past month]]
* [[IBM QRadar: Importação em Redes em Lote via REST API|Bulk network import via the REST API]]
* [https://community.ibm.com/community/user/security/discussion/devices-stopped-sending-events Devices stopped sending Events (see the attachment DSSE.docx)]
* [https://www.ibm.com/docs/en/qsip/7.5?topic=data-routing-options-rules Routing options for rules]
: You can choose among four rule routing options: Forward, Drop, Bypass correlation, and Log Only.
* [https://www.ibm.com/support/pages/qradar-how-does-coalescing-work-qradar QRadar: How does coalescing work in QRadar?]

=== Monitoring QRadar via SNMP ===
* [https://www.ibm.com/docs/bg/qsip/7.4?topic=administration-snmp-trap-configuration Monitoring QRadar via SNMP]
* [https://ftpmirror.your.org/pub/misc/ftp.software.ibm.com/software/security/products/qradar/documents/7.2.2/QNAD/EN/SNMP_Traps.pdf SNMP Trap Configuration]

== Ariel Query Language (AQL) ==

* [https://www.ibm.com/docs/en/qradar-on-cloud?topic=aql-query-structure AQL Query structure]
: Use Ariel Query Language (AQL) to extract, filter, and perform actions on event and flow data.

* [https://www.ibm.com/docs/en/qradar-on-cloud?topic=aql-ariel-query-language Ariel Query Language]
: AQL transformation and aggregation functions.


= Rest API, Apps and Wincollect =
* [https://www.ibm.com/docs/en/qradar-common?topic=api-endpoint-documentation-supported-versions RESTful API]




=== Apps ===
* [https://www.ibm.com/docs/en/qradar-common?topic=app-qradar-user-behavior-analytics QRadar User Behavior Analytics]




* [https://www.ibm.com/support/pages/qradar-universal-cloud-rest-api-protocol-cases-and-support-policies Universal Cloud REST API - cases and support policies]

= Integrations =
{| class="wikitable"
|-
! Solution !! Which log(s)? !! Comments
|-
| [https://docs.dynatrace.com/docs/discover-dynatrace/references/dynatrace-api/environment-api/audit-logs/get-entry Dynatrace Audit logs API]
|
* Login events
* Logout events
* Any change to a configuration
* Any change to API tokens
|
[https://www.dynatrace.com/news/blog/easily-check-configuration-changes-or-environment-sign-ins-with-the-new-audit-logs-api/ Easily check configuration changes or environment sign ins with the new Audit logs API]
|}


= See also =

Latest revision as of 15:19, 19 March 2025

=== Key Terms ===

{| class="wikitable"
|-
! Term !! Description
|-
| Rule || A Rule is a group of tests that can trigger an action if specific conditions are met.
|-
| Building Block || A building block (BB) is a rule without an action or response. A BB must be referenced by a rule in order to run.
|-
| Correlation Rules || Example
|-
| Anomaly Rules || Link
|-
| Example || Example
|}

Section outline of the latest revision:
* Articles
* AQL Queries
* Configuration
* References
* Rest API, Apps and Wincollect
* Apps
* Wincollect
* Universal Cloud REST API
* See also