How to Edit Existing Reports in IBM QRadar SIEM

QRadar comes with several hundred reports built in by default. Many of the built-in reports will work as expected the first time they are run. Others may produce output that needs to be adjusted slightly to filter out unnecessary data. Administrators may need to tune these reports to fit their specific environment. For example, you may run a report on user logins to a server with compliance requirements and find that the report includes the valid data of interest as well as several service accounts that are known and should be excluded from the report output. The report will need to be adjusted to remove the service accounts so that only valid data is output.

QRadar uses saved search output as the basis for creating report charts and tables. When configuring new reports, the administrator uses the report configuration menu to select previously saved searches to include as a chart or graph in the report. When updating an existing report, the previously used search should be used as a template. Opening the previously created template makes the update take less time and ensures predictable results.

Target Data Breach

How did they pull it off and how can you safeguard your environment from a similar event?

The Target Stores data breach started by exploiting a vulnerability in an externally facing webserver.  Once inside, hackers took command of an internal server and planted malware on the Point of Sale devices in stores all over the US.  The harvested data was stored internally until the hackers reached back in to grab the millions of credit card account records that were stolen.  More details can be found at http://krebsonsecurity.com/

With the tools available today, how could this event happen?  What can you do to safeguard your environment from a similar incident?

PathMaker Group recommends the following measures:

  1. Assess the overall security posture of your organization. Our company provides a rapid assessment covering 16 security domains, enabling you to understand where you may have major gaps. We can help you prioritize these gaps to maximize your risk mitigation.
  2. Test your environment (and your website code) for vulnerabilities. External and internal penetration testing is a necessary starting place, but if you develop your own website code, scanning your application code prior to releasing the system to production is essential, as these techniques and tools will surface many more vulnerabilities. We can help with both of these services.
  3. Leverage security intelligence technologies to correlate and identify suspect events before massive damage can occur. We can rapidly deploy an industry-leading solution for you in a matter of days, including setting up a managed service.

For help or more information, please contact PathMaker Group at 817-704-3644

Keith Squires, President and CEO, has been in high demand by the media to add insight to this recent news.  Radio and television news interviews, including CBS National News, are available to view at the following link:

https://www.pathmaker-group.com/home/pathmaker-group-news/