Educause Security Discussion mailing list archives
Re: QRadar
From: Scott Stoops <sstoops () ASHLAND EDU>
Date: Fri, 24 Aug 2018 09:42:56 -0400
We recently completed a PoC of QRadar. Our intent is to purchase it as soon as we can reasonably arrange the budget.

Things that affected our decisions:

1) It is a single interface. All configuration and interaction is through that single interface.
2) Initial set up was easy. Out of the box it is fairly chatty in terms of the information it presents. We anticipate that the actual tuning will take us quite some time.
3) The rules are very similar in concept to firewall rules. The logic for rules can be quite complex but each statement is straightforward.
4) The product can handle most of the common log formats out of the box. There are add-ons available to integrate with various other security products.
5) It is fairly extensible through its application marketplace.
6) We were able to work extensively with an engineer during the PoC to make sure that we could see the value in the product. During that time they assisted us with examining incidents and determining ways to handle them.

We are a small shop and don't have the resources to devote a full-time person to monitoring a SIEM. QRadar looks like the kind of product that would allow us to see value from it without full-time eyes on the product.

--------------------------------------------------------------------------------------------------
Scott Stoops
Security Analyst II
Office of Information Technology | 100 Patterson Technology Center
Ashland, OH 44805
(w) 419-289-5405
sstoops () ashland edu

On Fri, Aug 24, 2018 at 9:01 AM Walzer, Jeff R <walzer () pitt edu> wrote:
We are looking at QRadar and were looking for any feedback from any schools that have deployed it. Pros/cons, good/bad, etc.

Thx

---------------------------------------------------------------------------
Jeff Walzer
Senior Security Analyst
Computing Services and Systems Development (CSSD)
University of Pittsburgh
315 S. Bellefield Ave., Rm 403
PGH, PA 15260
---------------------------------------------------------------------------