Snare has released an IBM App Exchange update for the IBM QRadar software. The Snare Log Analysis QRadar application is designed to provide an overview dashboard of auditing log activity that the Snare for Windows Agents are sending to the QRadar System.
A new version of the application, v1.1.0, and a user guide have been released on the IBM App Exchange portal. The update includes many new features covering:
- USB activity
- Administration events
- Logon success and failures
- Process command execution information
- Threat Analysis
- Filtering enhancements
In addition, events can be correlated and matched against known fingerprints to detect possible threats on the network. The update includes an example that detects the events generated when a Rubber Ducky USB device is used. The main dashboard and other screens have also had a makeover to provide an enhanced user experience. Filtering has also had a makeover, with enhanced date ranges to find logs for particular users or systems.