QRadar Upgrade and Data Migration for a Global Distribution System Provider


Industry
Travel & Hospitality
Technologies
Python, SIEM, Information Security

Case Study

www.scnsoft.com

Customer

The Customer is a provider of a global distribution system (GDS) for the travel and tourism industry. They offer search, pricing, booking and other processing services to travel companies.

Challenge

The Customer was running an outdated version of IBM QRadar SIEM. They commissioned ScienceSoft to upgrade the legacy QRadar deployment and migrate its data to the new system without losing the events collected over the past year.

Solution

In the first stage of the project, ScienceSoft's SIEM specialists wrote a script to automate the data migration, which simplified the process and reduced the migration time.

As part of the QRadar upgrade, ScienceSoft's SIEM team deployed the All-in-One QRadar SIEM Console in a high-availability (HA) cluster so that event collection and the console remain available if the primary host fails. The team also installed and configured a QRadar Network Insights (QNI) appliance to analyze the collected network traffic flows.

Following the Customer's requirements, all data collected over the past year was transferred from the legacy SIEM into the new one. As part of the migration, the Customer's existing log sources were also moved to the upgraded system, so searches over the migrated data continue uninterrupted.

ScienceSoft's SIEM team then replaced the unsupported Adaptive Log Exporter (ALE) with the current WinCollect agent for collecting and processing Microsoft Windows security event data, which improved control over and management of the collected data.

To further improve event monitoring, ScienceSoft's SIEM specialists introduced a new audit baseline for the Customer's Linux systems. The previous baseline generated a large volume of noise events that the correlation engine never acted on, so the Customer was collecting data of no monitoring value. The new baseline filtered out 2,000,000 events a day; the noise level dropped substantially, and the Customer's personnel now receive only the events needed for effective monitoring.
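
The case study does not publish the baseline itself. The following is an added example, not ScienceSoft's or the Customer's code, of how a practitioner would dry-run a tuned auditd baseline before rolling it out: derive a keep/drop policy from the new rules, replay a sample of the old raw feed through it, and measure how much of the feed disappears. The rule set, the UID threshold of 1000 and the sample audit records are assumptions constructed for the example.

```python
"""Dry-run of a tuned Linux audit baseline against a sample of the old, noisy feed.

Added example; not the case study's code. The rules, key names, UID threshold
and sample records below are assumptions. The filter mirrors what the tuned
auditd rules would still emit, so the drop ratio estimates the noise reduction
before the new baseline is pushed to the fleet.
"""
import re
from collections import Counter

# Representative tuned auditd rules (assumed). Every rule tags its records with
# a key (-k), and the execve rule only fires for real login sessions; a noisy
# baseline's untagged catch-all ("-a always,exit -F arch=b64 -S all") is gone.
TUNED_RULES = """
-w /etc/passwd -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/sudoers -p wa -k priv_esc
-w /etc/audit/ -p wa -k audit_config
-a always,exit -F arch=b64 -S execve -F auid>=1000 -F auid!=unset -k exec_cmd
"""

RULE_KEY_RE = re.compile(r"-k\s+(\S+)")
RULE_AUID_RE = re.compile(r"-F\s+auid>=(\d+)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
UNSET_AUID = {"unset", "4294967295"}   # raw logs carry -1 as 4294967295; ausearch -i prints "unset"


def rule_policy(rules_text):
    """Map each rule key to the minimum auid it requires (None = any auid)."""
    policy = {}
    for line in rules_text.strip().splitlines():
        key = RULE_KEY_RE.search(line)
        if not key:
            continue   # a rule without a key yields records the SIEM cannot attribute
        auid_min = RULE_AUID_RE.search(line)
        policy[key.group(1)] = int(auid_min.group(1)) if auid_min else None
    return policy


def parse_record(line):
    """Split a raw auditd record into its key=value fields, quotes stripped."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def baseline_keeps(rec, policy):
    """Would the tuned rule set still emit this record?"""
    key = rec.get("key", "(null)")
    if key not in policy:
        return False                      # untagged or unmonitored: noise
    auid_min = policy[key]
    if auid_min is None:
        return True                       # watched file: keep regardless of who touched it
    auid = rec.get("auid", "unset")
    return auid not in UNSET_AUID and int(auid) >= auid_min


def measure(lines, policy):
    """Count kept and dropped records per key."""
    kept, dropped = Counter(), Counter()
    for line in lines:
        rec = parse_record(line)
        bucket = kept if baseline_keeps(rec, policy) else dropped
        bucket[rec.get("key", "(null)")] += 1
    return kept, dropped


def reduction(lines, policy):
    """Fraction of the sample the tuned baseline would no longer produce."""
    kept, dropped = measure(lines, policy)
    total = sum(kept.values()) + sum(dropped.values())
    return sum(dropped.values()) / total if total else 0.0


# Constructed sample of raw auditd SYSCALL records from the old, noisy baseline.
SAMPLE_RECORDS = [
    # interactive user runs a command: kept (execve from a real login session)
    'type=SYSCALL msg=audit(1700000000.101:1): arch=c000003e syscall=59 success=yes exit=0 auid=1000 uid=1000 comm="ssh" exe="/usr/bin/ssh" key="exec_cmd"',
    # cron job with no login session: dropped by the auid filter
    'type=SYSCALL msg=audit(1700000000.102:2): arch=c000003e syscall=59 success=yes exit=0 auid=4294967295 uid=0 comm="run-parts" exe="/usr/bin/run-parts" key="exec_cmd"',
    # daemon file opens produced by the old catch-all rule: untagged, dropped
    'type=SYSCALL msg=audit(1700000000.103:3): arch=c000003e syscall=257 success=yes exit=3 auid=4294967295 uid=0 comm="rsyslogd" exe="/usr/sbin/rsyslogd" key=(null)',
    'type=SYSCALL msg=audit(1700000000.104:4): arch=c000003e syscall=257 success=yes exit=4 auid=4294967295 uid=999 comm="systemd-journal" exe="/usr/lib/systemd/systemd-journald" key=(null)',
    # writes to identity and sudo configuration: always kept, even from automation
    'type=SYSCALL msg=audit(1700000000.105:5): arch=c000003e syscall=257 success=yes exit=3 auid=1000 uid=0 comm="vi" exe="/usr/bin/vi" key="identity"',
    'type=SYSCALL msg=audit(1700000000.106:6): arch=c000003e syscall=257 success=yes exit=3 auid=4294967295 uid=0 comm="ansible" exe="/usr/bin/python3" key="priv_esc"',
]

if __name__ == "__main__":
    policy = rule_policy(TUNED_RULES)
    kept, dropped = measure(SAMPLE_RECORDS, policy)
    print("kept:", dict(kept))
    print("dropped:", dict(dropped))
    print(f"reduction: {reduction(SAMPLE_RECORDS, policy):.0%}")
```

Run against a day's worth of raw records from a representative host, the drop ratio gives the expected per-host reduction before any rule reaches production, and the per-key breakdown shows which rule is responsible for the remaining volume. Deriving the policy from the rules text rather than hand-coding it keeps the dry-run and the deployed baseline from drifting apart.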

Results

The Customer received an upgraded IBM QRadar SIEM deployment. The legacy data collected over the past year, together with the event sources, was transferred to the updated system, and the additional tuning work by ScienceSoft's SIEM team left the Customer with a more effective event monitoring system.

Technologies and Tools

IBM QRadar SIEM 7.3.1, PostgreSQL, Python, Shell script, Ansible script, RegEx
