contact@scnsoft.com en flag +1 214 306 68 37
en flag +1 214 306 68 37
Contact us
QRadar Upgrade and Data Migration for a Global Distribution System Provider

QRadar Upgrade and Data Migration for a Global Distribution System Provider

Industry
Travel & Hospitality
Technologies
QRadar

Customer

The Customer is a provider of a global distribution system (GDS) for the travel and tourism industry. They offer search, pricing, booking and other processing services to travel companies.

Challenge

The Customer had an outdated version of the IBM QRadar SIEM system. The Customer commissioned ScienceSoft to upgrade their legacy QRadar SIEM solution as well as perform data migration to a new system without losing the data collected for the past year.

Solution

At the first stage of the project implementation, the SIEM specialists wrote a script to automate the data migration process, thus significantly simplifying data migration and reducing the migration time.

As a part of the QRadar upgrade process, ScienceSoft’s SIEM team installed All-In-One QRadar SIEM Console in a high availability (HA) cluster in order to ensure continuous data collection and availability. ScienceSoft’s SIEM specialists installed and configured QRadar Network Insights (QNI) appliance to conduct fundamental analysis of the collected traffic flows.

Following the Customer’s requirements, all the data collected for the past year was transferred from the legacy SIEM system into the new one. Moreover, as a part of the migration process, the Customer’s legacy log sources also migrated to the updated system to maintain continuous searches on the migrated data.

After carrying out these actions, ScienceSoft’s SIEM team successfully replaced unsupported Adaptive Log Exporter (ALE) with the latest WinCollect Agent for collecting and processing Microsoft Windows security event data. This improved the control and management of the collected data.

In order to additionally improve the Customer’s event monitoring system, ScienceSoft’s SIEM specialists introduced a new audit baseline for Linux systems. The previous audit baseline configuration led to producing a lot of information noise that the correlation engine ignored. Therefore, the Customer got too much information useless for systems monitoring. The improvements implemented by ScienceSoft’s SIEM team allowed filtering 2,000,000 events a day. Consequently, the information noise level significantly decreased, and the Customer’s personnel received only the events required to conduct quality monitoring.

Results

The Customer got the upgraded IBM QRadar SIEM solution. The Customer’s legacy data collected for the past year, together with the event sources, was successfully transferred into the updated system. As a result of the extra efforts of ScienceSoft’s SIEM team, the Customer received an improved event monitoring system.

Technologies and Tools

IBM QRadar SIEM 7.3.1, PostgreSQL, Python, Shell script, Ansible script, RegEx

Have a question to our team or need help with your project?

Our team is ready to provide client references, estimate your project, or answer any other question related to your IT initiative.

Upload file

Drag and drop or to upload your file(s)

?

Max file size 10MB, up to 5 files and 20MB total

Supported formats:

doc, docx, xls, xlsx, ppt, pptx, pps, ppsx, odp, jpeg, jpg, png, psd, webp, svg, mp3, mp4, webm, odt, ods, pdf, rtf, txt, csv, log

Get in touch instantly

Call us Live chat WhatsApp Email us

More Case Studies

Share:

facebook twitter linkedin