You're reading from Building a Next-Gen SOC with IBM QRadar Accelerate your security operations and detect cyber threats effectively

Product type Paperback

Published in Jun 2023

Publisher Packt

ISBN-13 9781801076029

Length 198 pages

Edition 1st Edition

Tools

IBM QRadar

Concepts

Cybersecurity

Author (1):

Ashish Kothekar

View More author details

Table of Contents (18) Chapters

Preface

1. Part 1: Understanding Different QRadar Components and Architecture

2. Chapter 1: QRadar Components FREE CHAPTER

3. Chapter 2: How QRadar Components Fit Together

4. Chapter 3: Managing QRadar Deployments

5. Part 2: QRadar Features and Deployment

6. Chapter 4: Integrating Logs and Flows in QRadar

7. Chapter 5: Leaving No Data Behind

8. Chapter 6: QRadar Searches

9. Chapter 7: QRadar Rules and Offenses

10. Part 3: Understanding QRadar Apps, Extensions, and Their Deployment

11. Chapter 8: The Insider Threat – Detection and Mitigation

12. Chapter 9: Integrating AI into Threat Management

13. Chapter 10: Re-Designing User Experience

14. Chapter 11: WinCollect – the Agent for Windows

15. Chapter 12: Troubleshooting QRadar

16. Index

Why subscribe?

17. Other Books You May Enjoy

Getting to know the Data Node

Event and flow data are required for security purposes as well as for compliance. The amount of storage available on the Console and processors might not be enough for compliance.

For example, it may be mandated by Central Banks to keep event and flow data for 2 years. The available storage on processors can store data only for 6 months. In such a scenario, multiple Data Nodes can be added to a processor so that the processed data can be stored.

Adding a Data Node to deployment has two advantages:

Increases the storage space for event and flow data
Searches are more efficient when Data Nodes are used

Multiple Data Nodes can be attached to a single processor. One Data Node cannot be attached to multiple processors. What this means is that one Data Node will share data with just one processor.

When Data Nodes are added to the deployment, there is a process called data rebalancing that happens. The incoming data in the processor is distributed amongst the Data Nodes that are attached.

If a Data Node goes down (or crashes), the incoming data is not written to the Data Node. Once the Data Node is up, data is again rebalanced between the processor and Data Node. We will touch more on Data Nodes while discussing searches in Chapter 6.

You're reading from Building a Next-Gen SOC with IBM QRadar Accelerate your security operations and detect cyber threats effectively

Table of Contents (18) Chapters

Getting to know the Data Node

Authors (2)

Personalised recommendations for you