You can change your IBM QRadar network settings by running the QRadar qchange_netsetup script.
A common mistake is to change the network settings (such as the IP address, hostname, and DNS settings) directly on the QRadar operating system, which runs on a custom Red Hat Enterprise Linux distribution, instead of going through the script.
Here are the steps needed to change your QRadar network configuration.
NOTE: There will be some server downtime involved, since the script stops all QRadar services and initiates a server reboot. Also note that the procedure should be done on the physical server terminal/console, not through a remote SSH session (the reboot would cut the session off).
1. Open the QRadar terminal (directly on the server console, not through SSH).
2. Run the following command: # qchange_netsetup
3. Read the terms, then press Y and Enter to continue.
4. Wait for the services to stop automatically.
5. Change the network configuration as necessary.
6. Select Finish and wait for the server to reboot.
QRadar will use the new network settings after rebooting.
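The two caveats above (run from the console, not SSH, and confirm the new settings took effect after the reboot) can be checked with a small script. This is an added example, not part of the original post or of IBM's qchange_netsetup; the hostname and address values in it are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post or IBM): pre-flight and post-reboot
# checks around qchange_netsetup. Sample values used with it are constructed.

# Pre-flight: the script stops services and reboots, so a remote SSH session
# would be cut off mid-way. Returns 0 when the session looks local.
# $1 = value of SSH_CONNECTION, $2 = value of SSH_TTY (passed in for testability).
session_is_local() {
    [ -z "$1" ] && [ -z "$2" ]
}

# Post-reboot: compare the active settings with what was entered in the script.
# $1 = expected hostname, $2 = expected IPv4, $3 = reported hostname,
# $4 = output of "ip -4 -o addr" (one interface per line),
# $5 = IP that the hostname resolves to. Prints each mismatch, returns 1 if any.
verify_netsetup() {
    exp_host="$1"; exp_ip="$2"; act_host="$3"; ip_addr_out="$4"; resolved_ip="$5"
    rc=0
    if [ "$act_host" != "$exp_host" ]; then
        echo "hostname mismatch: got '$act_host', expected '$exp_host'"; rc=1
    fi
    if ! printf '%s\n' "$ip_addr_out" | grep -qF "inet $exp_ip/"; then
        echo "expected address $exp_ip is not configured on any interface"; rc=1
    fi
    if [ "$resolved_ip" != "$exp_ip" ]; then
        echo "'$exp_host' resolves to '$resolved_ip', not $exp_ip (check DNS/hosts)"; rc=1
    fi
    return $rc
}

# Gather live values with hostname, ip and getent, then run the checks.
verify_live() {
    verify_netsetup "$1" "$2" "$(hostname -f)" "$(ip -4 -o addr)" \
        "$(getent hosts "$1" | awk '{print $1; exit}')"
}

case "${1-}" in
    preflight)
        session_is_local "${SSH_CONNECTION-}" "${SSH_TTY-}" \
            || { echo "SSH session detected; run qchange_netsetup from the console." >&2; exit 1; }
        echo "local session: ok to run qchange_netsetup" ;;
    verify) verify_live "$2" "$3" ;;   # usage: verify <expected-fqdn> <expected-ipv4>
esac
```

Run `preflight` before step 2 and `verify <fqdn> <ip>` once the server is back up; a non-zero exit with a printed mismatch means the change did not fully take effect.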
I have seen a few Security Information and Event Management (SIEM) Proof-of-Concept (POC) activities with different end-users where IBM QRadar SIEM went head-to-head against other SIEM systems.
The competing POC systems are subjected to the same set of use cases or evaluation criteria, which usually cover the following:
- Support for different log or event sources
- Ease of configuring correlation rules
- Query and report performance (How fast are results generated?)
- Ease of management
- Deployment time metrics
Here are some of the things to note:
- Given a 4-week window to complete a specified set of use cases, QRadar was deployed and met all evaluation requirements in less than a week. The others took longer to deploy and configure (about 3-4 weeks). Interestingly enough, some were still not able to meet all of the requirements within the allotted time frame. The discrepancy in deployment time and compliance was too glaring for the end-users not to notice the differences.
- Apart from the basic log collection/management functionality, there usually is enough time to showcase QRadar’s other functions such as network flow (layer 4 and layer 7) analysis using the same POC box. This all-in-one feature is seen as one of the key selling points of QRadar.
- Some end-users particularly noted how relatively easy it was to configure rules and alerts on the fly compared to the other solutions.
I used to deploy and manage some of the competing solutions and was completely blown away by what QRadar could do. From a personal opinion (Yes, disclaimer here!), and based on experience, the relative ease with which QRadar can be deployed compared to the others, and the excellent security intelligence coverage that it provides, have made a convert out of me.