QRadar 750 UP13 Great New Features but a Frustrating Infographic controversies
QRadar 750 UP13 features In August 2025, a new patch for QRadar 7.5.0, Update Package 13 (UP13), was published. The official notes […]
QRadar, SIEM, and security engineering.
IBM’s QRadar is a leading Security Information and Event Management (SIEM) solution, empowering organizations to effectively manage, analyze, and respond to security […]
A new version of QRadar 7.5.0 UP10 was published on 14 October 2024, bringing many new features, which I will summarize in […]
There are two methods commonly used for the QRadar upgrade. These methods apply to the distributed deployment only but not to the […]
There is a common problem with how to add new DNS servers to QRadar if you need to change them. Normally, you […]
An open offense can be inactive in the Backend if there are no new events that arrived for at least 30 minutes. […]
QRadar has multiple ways to authenticate users. Apart from the default System Authentication based on data kept in the Postgres database, you […]
In order to export a list of all enabled log sources, SIEM administrators can run one of the following commands based on […]
Most QRadar administrators are familiar with the command issued in the backend, which restarts services (systemctl restart hostcontext). You should know […]
Many QRadar users and admins hit a timeout or error when they are deploying changes in QRadar to the Managed Hosts. […]
It has been announced that we can soon expect a new version of the UBA extension to QRadar functionality. The new version with […]
QRadar can work in the Deployment Model, which is a master and slave environment. The single master is the console, which manages the […]
This is the second part of the article about DSM Editor. Please find the link here to the first part of this […]
DSM Editor is a multi-task editor, which lets you parse any event received by a QRadar box. QRadar supports more than 1000 Log Sources […]
Please find below three embedded movies by Jose Bravo about migrating from App Node to App Host. App Host is a new component […]
Installing an App Node in a QRadar environment is only possible for QRadar 7.3.0 and QRadar 7.3.1. Below this number, in versions 7.2.6 […]
Recently IBM has provided a new version of the Splunk forwarder app. This is a very useful tool for anybody using both systems. […]
Customising the QRadar interface, since the release of version 7.3.0, is a rather simple task. Users willing to do it don’t need to have more […]
Great news for QRadar admins. From the 1st of February, QRadar is available in the AWS Marketplace. Amazon Web Services (AWS) is […]
As promised in the last month, please find the second part of the QRadar 7.3.2 features article. As for today (mid of […]
Soon (the first quarter of 2019), we can expect a new version of QRadar. This is a sneak peek at QRadar 7.3.2, […]
On 4th January 2019, a new version (2.2.3) of the QRadar Deployment Intelligence (QDI) application was issued to the public. Among new features, the […]
QRadar is capable of receiving and parsing events from a variety of third-party security products. The full list of supported devices is […]
Among new features introduced in version 7.3.1, one of the most important would be a change in Traffic Analysis. Change reasons Many users […]
Performance degradation occurs in QRadar on two main services, ecs-ec and ecs-ep. Depending on which service is affected (sometimes it can be […]
Event retention helps QRadar administrators keep up and organize the data collected by their SIEM system. Retention window. Click the Admin tab Retention window […]
QRadar backup is one of the most important features for every system administrator to use. There are two types of backups – […]
QRadar Network Activity is the second important tab in QRadar interface. Each flow is a record of the communication between two machines, […]
QRadar Log Sources are displayed in Log Activity tab where each event information is in a form of record from that log source. […]
A missing /store partition can sometimes appear in your QRadar, due to an unsafe shutdown of your server (hard reboot or power failure incident). In […]
It has been identified that when creating new vulnerability exceptions, a duplicate can sometimes be created. Example of steps that can sometimes […]
There are two options for routing data in QRadar: Online: Forwarding takes place during the QRadar event pipeline as part of ECS-EC […]
QRadar appliances and types group in a large family of products, which can be confusing for people starting with this SIEM. You […]
Bad Rabbit malware. On October 24th, new attacks were found on many sites using previously unknown ransomware, which later has been […]
How to restart UBA app. # /opt/qradar/support/qapp_utils.py ls Get the app_id # /opt/qradar/support/qapp_utils.py connect <app_id> Enter the app and restart the web […]
QNI (QRadar Network Insights) is an appliance which can provide detailed analysis of network flows to extend the threat detection capabilities of IBM Security […]
What is QRIF. QRIF stands for QRadar Incident Forensics and allows you to retrace the step-by-step actions of a potential attacker and […]
QRadar processes run on top of Linux (Red Hat 6 for versions up to QRadar 7.2.8 and Red Hat 7 for […]
IBM Security QRadar Packet Capture (QPCAP) is a network traffic capture and search application. The QRadar Packet Capture appliance has only one […]
Restart QRadar services. Whenever you notice that no events or flows are visible on the interface, try to restart services. Even if this […]
Find below the new features in QRadar version 7.2.5, which was released to the public on the 6th of June 2015. Domain segmentation Domain segmentation […]
QRadar Risk Manager (QRM) is a separately installed appliance for monitoring device configurations, simulating changes to your network environment, and prioritizing risks […]
The activation key is a 24-digit, four part, alphanumeric string that you receive from IBM. The key specifies which software modules apply for […]
QRadar Vulnerability Manager (QVM) is a scanning platform based on QRadar that is used to identify, manage, and prioritize the vulnerabilities on your […]
QRadar products family consists of the following variations QRadar SIEM QRadar SIEM (Security Information and Event Management) is a network security management platform […]
IBM Security QRadar SIEM (Security Information and Event Management) is a network security management platform that provides situational awareness and compliance support. The system […]