Disclaimers

In this blog you will find custom Device Support Modules I've created or modified, and tips that may interfere with QRadar's normal behavior. Be careful when using the materials I mention or implementing the things I describe in articles in a production environment, because:

I am not and will not be responsible for any disruption or problem caused by one of my DSMs, the materials or configurations mentioned, or anything you do on the basis of something I wrote in this blog.

Moreover, regarding custom device modules, you'll find this statement on the IBM website.

IBM does not support the following:
- Requests for assistance to write, modify, test, or tune custom log sources for administrators in the DSM Editor.
- QRadar Support does not validate or update regular expressions to override default event properties for custom log sources.
- Requests to create custom event properties in the DSM Editor.
- QRadar Support does not assist users with mapping events or creating custom QIDs for events in the DSM Editor.

Source: QRadar: DSM Editor and custom log source cases and support policies

This can be extended to everything I present on this blog, except where an explicit statement says otherwise. In these cases, a specific perimeter will be defined and IBM sources will be provided to back up the information.

Nevertheless, if you encounter any issue, you can contact me with the details and I'll be happy to help you. The best thing to do is to comment on the article concerning the subject with detailed information about the issue (1). By doing so, everyone will be able to help you with their knowledge. In fact, because I have not mastered everything in QRadar, you can also suggest improvements or explain why you would have done things differently; I'll be glad of that too. Of course, in every message, I ask you to be polite, avoid out-of-scope subjects, be nice and, if you have any doubt, do some reading before posting something you may regret later.


(1): I ask you to avoid posting sensitive information about your environment, infrastructure... For example, do not post public IPs, account secrets... I will redact this information if I see any, but I cannot be responsible if something impacting the security of your environment goes online.