QRadar SIEM JUpublic.dhe.ibm.com/software/security/products/qradar/...Yn IBM Security QRadar ú ñ \α u@Az Σ Web s² C ϕzs QRadar t A ú zΘJ W PKXC W PKX z ²tmC UϕCXFΣ Web s²

$Page 1: QRadar SIEM JUpublic.dhe.ibm.com/software/security/products/qradar/...Yn IBM Security QRadar ú ñ \α u@Az Σ Web s² C ϕzs QRadar t A ú zΘJ W PKXC W PKX z ²tmC UϕCXFΣ Web s²$
IBM Security QRadar SIEM�� 7.2.7

J�ΓU

IBM

��

b��ΩT�Σ�Σ��ú�ºeA�\¬� 21��yn�zñ�ΩTC

ú�ΩT

�σ≤A�≤ IBM QRadar Security Intelligence Platform 7.2.7 � �ß≥oμ�A��σ≤�≤s��N�εC

© Copyright IBM Corporation 2012, 2016.

�²

QRadar SIEM J�� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v

� 1 � QRadar SIEM º[ . . . . . . . . . . . . . . . . . . . . . . . . . . . 1Θxí� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1⌠⌠í� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1Ωú . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1≡� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2°i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Ω�¼� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2�≤Ω�¼� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2y{Ω�¼� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3�}�q (VA) ΩT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

QRadar SIEM Wh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Σ�� Web s²� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

� 2 � }liμ QRadar SIEM íp . . . . . . . . . . . . . . . . . . . . . . . 5w� QRadar SIEM nΘX��m . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5QRadar SIEM nΘX��m . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5QRadar SIEM tm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6⌠⌠Ñh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6�\⌠⌠Ñh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6��≤s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7tm��≤s]w . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7¼��≤ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8¼�y{ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8�J�}�q (VA) ΩT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

QRadar SIEM �π . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9��tⁿ��@� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9��tⁿ��@� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10°A��m�⌠ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10��sW°A��m�⌠ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Γ�sW°A��m�⌠ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11tmWh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Mú SIM Ω��¼ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

� 3 � }l�� QRadar SIEM . . . . . . . . . . . . . . . . . . . . . . . . . 13jM�≤ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13xs�≤jM�h . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13tm�í�C�ϕ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14jMy{ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15xsy{jM�h . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15��÷ϕO�� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16jMΩú . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16≡��d . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17�°≡� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

d�G�� PCI °id�. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18d�G≥≤wxs�jM��q°i . . . . . . . . . . . . . . . . . . . . . . . . . . 18

n� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21�� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22ú�í�σ≤�°� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

© Copyright IBM Corp. 2012, 2016 iii

IBM uW⌠pvn� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23⌠pv°��q . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Wⁿ�� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25T� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25�� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25¡� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26C� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26K� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26E� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Q� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Q@� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27QG� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27QT� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28Q�� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28QC� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29QK� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29QE� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29D . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29F . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29H . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30I . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30L . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30M. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30N . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30O . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Q . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30R . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30S . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30T . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30W . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

�� . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

iv QRadar SIEM J�ΓU

QRadar SIEM J��

mIBM® Security QRadar® J�ΓUn�z�Dnº�Bw�{��º[AH�zb

��ñ⌡μ�≥�@�C

��¬�

�ΩT«b�td�d��z⌠⌠w��w��z��C Yn��ΓUAz�π

��q⌠⌠≥ª[cP⌠⌠�N��C

�Ní�σ≤

p�p≤s�≤h�Ní�σ≤B�Nσ≤��N��÷ΩTA��\s�

IBM Security í�σ≤�Nσ≤ (http://www.ibm.com/support/docview.wss?rs=0

&uid=swg21612861)C

p��ßΣ�ñ�

p�p��ßΣ�ñ��÷ΩTA��\>Σ�PUⁿ�Nσ≤ (http://www.ibm.com/

support/docview.wss?rs=0&uid=swg21612861)C

}nw�Ω��»z

IT t�w�A�zLwB��°� �úϕs�O@t�PΩTCúϕs

�iα�P�≤BlaBúϕ��ΩTA]iα�Pla��t�A]A�≤≡

�ΣLt�C S�⌠≤ IT t��ú��Q�@��w�ABS�μ�ú�BA�

w�ΓqiH��wúϕ��s�C IBM t�Bú��A]p�Xk�ε

X�w�Φk�@í�AN�n]tΣL@�{�ABiα�nΣLt�Bú��A

A�α≤��C IBM úO�⌠≤t�Bú��AK≤�N²Q°�K≤⌠≤@

Φ�cN�Dkμ�C

��NG

��{íiα�Pí�k��kW�Φ�A]AP⌠pvBΩ�O@B��ql

qTPxs�÷�k��kWCIBM Security QRadar �HXkΦí�≤Xk��C

�ßPNbϕ�A�k�BkW��hA�ß��d⌠�eúU��{íCQ�

vΦNϕªN�o�w�oXk�� IBM Security QRadar ��PNB\iv��vC

© Copyright IBM Corp. 2012, 2016 v

http://www.ibm.com/support/docview.wss?rs=0&uid=swg21614644



vi QRadar SIEM J�ΓU

� 1 � QRadar SIEM º[

IBM Security QRadar SIEM O@�⌠⌠w��z¡xAú�¼p¼Aú��Σ

�C QRadar SIEM ��X��≥≤y{�⌠⌠��Bw��≤�÷�P≥≤Ωú��

}�qC

Yn}l��ú�A�tm≥� QRadar SIEM w�B¼��≤�y{Ω�AH�ú

°iC

Θxí�

b IBM Security QRadar SIEM ñAziHY��°�π�⌠⌠�≤A��⌡μiÑj

MC

Θxí��N�≤ΩTπ��Y�Θx�]�p⌡≡�⌠��m��O

²C��Θxí��⌡μUC@�G

v �d�≤Ω�C

v Y��d�e� QRadar SIEM ��≤ΘxC

v jM�≤C

v zL��itm��í�C�ϕA�°Θxí�C

v �O�PH�π QRadar SIEMC

⌠⌠í�

b IBM Security QRadar SIEM ñAziH�dΓ�D≈ºí�qTÑq@�C

pGw�� e��∩�Ah⌠⌠í��π�p≤��⌠⌠Ω�yq��

Ω�yq��÷ΩTC��⌠⌠í��AziH⌡μUC@�G

v Y��d�e� QRadar SIEM �y{C

v jM⌠⌠y{C

v zL��itm��í�C�ϕA�°⌠⌠í�C

Ωú

QRadar SIEM �zL��Q�y{Ω��}Ω��Ωú]w�Aq��⌠

⌠°A�MD≈C

Ωú]w�ú�⌠⌠ñC@�w�Ωú]]A�b⌡μ�A��÷ΩTC Ωú]w

�ΩT�≤�÷��Aoi�U≤ε��PC

��Ωú��⌡μUC@�G

v jMΩúC

v �°��wA��ΩúC

v �°wA�Ωú��OΩTC

v �π�P�}C

© Copyright IBM Corp. 2012, 2016 1

≡�

b IBM Security QRadar SIEM ñAziH�d≡�AHPw⌠⌠D�Dn�]C

��≡��°⌠⌠Wo ��≡�A�⌡μUC@�G

v �d⌠⌠W�≡�B�P��a IP �}B⌠⌠μ��º�C

v ��h�⌠⌠��≤�y{PP@��a IP �}�÷pC

v ⌡�≡��U��AH�d�≤Py{�Ω�C

v Pw�P≡��@�≤C

°i

b IBM Security QRadar SIEM ñAziH��q°i��w]°iC

QRadar SIEM ú�w]°id�AziH∩Σ[H�qB�PAy�te� QRadar

SIEM ��C

°id�÷°i�¼��A�p��B�mB⌡μ��⌠⌠°iC ��°i��¿

UC@�G

v ��Bte��z QRadar SIEM Ω��°iC

v ��q°iH�≤@��⌡μC

v Nw�P⌠⌠ΩT�X�μ@°iC

v ��sΦw²w��°id�C

v ��q�x��°i�PC ��P�Q≤N°ite�úP�¬�C

v ]wú �q�w]°i��{C

v HU�μíoG°iC

Ω�¼�

QRadar SIEM �ⁿ�\h�mºU�μí�ΩTAΣñ]Aw��≤B⌠⌠Ω�yq

��y�GC

¼��Ω��T�Dn�qG�≤By{��}�q (VA) ΩTC

�≤Ω�¼�

�≤�UCΘx�ú G⌡≡B⌠��B°A��IJ��t� (IDS) �IJw

t� (IPS) ÑC

jí�Θx�� Syslog qT≤wANΩT�e� QRadar SIEMC QRadar SIEM

]Σ�UCqT≤wG

v �÷⌠⌠�zqT≤w (SNMP)

v Java™ Ω�wsu\α (JDBC)

v w��m�≤μ½ (SDEE)

�w]AQRadar SIEM bY�Sw�íd≥ �¼�Sw��i�OΘxºßAYi

��Θx�C �Q��Θx�ºßAQRadar SIEM �NAϕ��mΣ��

� (DSM) sW�uΘx�v°íñ��z��C

2 QRadar SIEM J�ΓU

÷Mjí� DSM ú]A� Θx�e\αA²��@ DSM �nBtm�/�N

z{í�α�eΘxCtm�] DSM �¼úPºC z�TO DSM tm�H

QRadar SIEM Σ��μí�eΘxCp�tm DSM ��÷ΩTA��\ DSM tm

ΓUC

Y Θx��¼]�p⌠��μ½��e¼≈�ΘxAQRadar SIEM Lk�t

��sWª��uΘx�vMμC ziHΓ�sWo Θx�C p�Γ�sW

Θx��÷ΩTA��\ IBM Security QRadar Θx��ΓUC

¼��Ω��T�Dn�qG�≤By{��}�q (VA) ΩTC

y{Ω�¼�

y{ú�⌠⌠Ω�yq��÷ΩTABª�iHU�μí]]A Flowlog �B

NetFlowBJ-FlowBsFlow � Packeteer��e� QRadar SIEMC

zLPB�ⁿh�y{μíAQRadar SIEM iH��Yμ�α≤�≤H�oΩTiα

≥��í�C

QRadar QFlow ¼�� ú��π�⌠⌠Ω�yq��{í��AL��{í@��

b�≡�≤C �pApG Internet Relay Chat (IRC) qT≤wb≡ 7500/TCP Wiμ

qTAh QRadar QFlow ¼�� NΩ�yq�O� IRCA�ú�μ�}l��]

��C NetFlow � J-Flow q�z≡ 7500/TCP W�Ω�yqAúú�⌠≤�÷�

��qT≤w�≤�⌠�wqC

@�ΦM≡�m]A��BDMZB°A��{íμ½�ANetFlow ú��Σ�⌠

��μ½��RΩTC

QRadar QFlow ¼�� w]w��ABnDΦM≡BSPAN ≡��y�s�� QRadar

SIEM nΘX��mW�i��CϕΦM≡s�� QRadar SIEM nΘX��mW�

Σñ@�⌠⌠��Ay{�RY��}lC�w]AQRadar SIEM �b�z�W

≤≡ 2055/UDP W�° NetFlow Ω�yqCziHⁿúB NetFlow ≡]pGn�

��C

�}�q (VA) ΩT

QRadar SIEM iHqU�≤Ot��y��J�}�qΩTC

�}�qΩTi≤U QRadar Risk Manager �O@�ñ�D≈B}��≡�τb��

}C

QRadar Risk Manager ��}�qΩTA∩⌠⌠W�≡�q�iμ��C

°�}�q�y��¼wAQRadar Risk Manager iHq�y�°A��J�y�GA

��q��yC

QRadar SIEM Wh

Whi∩�≤By{�≡�⌡μ��CpG�X��°≤AhWh�ú �

�C

� 1 � QRadar SIEM º[ 3

QRadar SIEM �]t�Wh�≤��U�í�AΣñ]ALh�⌡≡��Bh�

ónJ��τb�Lr⌠⌠í�C p�Wh�÷ΩTA��\ IBM Security QRadar

�zΓUC

UCMμí�Γ�Wh��G

v �qWh∩�≤By{�≡�⌡μ��AH��⌠⌠ñ�º�í�C

v º��Wh∩wxs�y{��≤jM�G⌡μ��AH��⌠⌠ñ≤�o º

�Ω�yq¼�C

½nGπ�D�zs�v��iH��L�iHs�º⌠⌠��WhC z�π

�Aϕ�ñΓv¡A�α�zWhC p��ñΓv¡��÷ΩTA��\ IBM

Security QRadar �zΓUC

Σ�� Web s²�

Yn� IBM Security QRadar ú�ñ�\α��u@Az��Σ�� Web s²�C

ϕzs� QRadar t��A�ú�zΘJ��WPKXC��WPKX��

�z��²tmC

UϕCXFΣ�� Web s²��C

ϕ 1. QRadar ú�Σ�� Web s²�

Web s²� Σ��

Mozilla Firefox 38.0 Extended Support Release

w��σ≤�í�s²��í� 32 ��

Microsoft Internet Explorer

11.0

Google Chrome �s��


� 2 � }liμ QRadar SIEM íp

�z��²íp QRadar SIEMAMß�α�⌠ IBM Security QRadar SIEM Dn\

αC

Yníp QRadar SIEMA�z��⌡μUC@�G

v w� QRadar SIEM nΘX��mC

v tm QRadar SIEM w�C

v ¼��≤By{��}�q (VA) Ω�C

v �π QRadar SIEM w�C

w� QRadar SIEM nΘX��m

�z��w� QRadar SIEM nΘX��mA�αs��C

}lºe

bw� QRadar SIEM �⌠nΘX��mºeATOzπ�G

v i�≤]tΓ��mºnΘX��m�íC

v �[�y��O]w�ⁿ�C

v ∩��G�≤s�Dx� USB ΣL�� VGA π��C

{�

1. N�z⌠⌠�s��uA�⌠⌠ 1v�≡C

2. NM�q��YíJnΘX��mI�C

3. pGz�ns�DxA�s� USB ΣL�� VGA π��C

4. pGnΘX��mπ��OAhV �⌠@��d�A�qnΘX��m�U�

OAH°ú�OC

5. }�nΘX��m�q�C

QRadar SIEM nΘX��m

QRadar SIEM �⌠nΘX��mO@� 2 U ��[�ⁿ°A�C �⌠]�úú��

[�y��OC

QRadar SIEM nΘX��m]A��⌠⌠�C w∩��⌠A��uA�⌠⌠

1v��@��z�C

ziHN�lT��°��≤y{¼�C QRadar QFlow ¼�� ú��π⌠⌠��

{í�RA�iHbC�μ�}l�⌡μ�]��C ° QRadar SIEM nΘX��m

wAϕ SPAN ≡��y�s��uA�⌠⌠ 1vH�⌠≤��Ay{�R��}

lCiα�n⌡μBBJA�αb QRadar SIEM �� QRadar QFlow ¼��

≤C

p��÷ΩTA��\ IBM Security QRadar �zΓUC


¡εGQRadar SIEM �⌠nΘX��miμy{�R��¡εO 50 MbpsC �TOb

�°�Wiμy{¼��E�Ω�yqúWX 50 MbpsC

QRadar SIEM tm

zLtm QRadar SIEMAziH�\⌠⌠Ñh��q��≤s��C

{�

1. TO Java ⌡μ��⌠� (JRE) 1.7 � � IBM 64 ��⌡μ��⌠� Java 7.0 �

w�bz�s� QRadar ú��α�t�WC

2. TOz�b��ⁿΣ�� Web s²�C ��\� 4��yΣ�� Web s²�zC

3. pGz�� Internet ExplorerA��σ≤�í�s²��íC

a. b Internet Explorer Web s²�ñA÷ F12 H}�u}o�uπv°íC

b. ÷@Us²��íA�∩� Web s²��C

c. ÷@Uσ≤�íA�∩� Internet Explorer 7.0 ��C

4. zLΣJt� QRadar Dx IP �}�UC URL nJ QRadar SIEM ��

�G

https://IP Address

�÷º�:

� 4��yΣ�� Web s²�z

Yn� IBM Security QRadar ú�ñ�\α��u@Az��Σ�� Web s²

�C

⌠⌠Ñh

ziH�°÷��\α��úP⌠⌠��A��I]w��h

ΩT�u²��C

QRadar SIEM ��⌠⌠Ñh⌡μUC@�G

v A�⌠⌠Ω�yq��°⌠⌠í�C

v �°⌠⌠ñ�Sw�Φs��AA�p½⌡μPBDMZ � VoIPC

v �°Ω�yqA��gC@�s��s� D≈�μ�C

v Pw��O��D≈C

�Fiμ�⌠A��J]tw²wq�Φs��w]⌠⌠ÑhC �\⌠⌠Ñh��T�

��π�C pGz�⌠�]A�π�bw²tmº⌠⌠Ñhñ�⌠⌠d≥Az�Γ�

sWª�C

b⌠⌠Ñhñwq�½≤L�Ω�sb≤⌠�ñC ⌡�≤≥ª[c��Φ⌠⌠d≥

ú�wq�⌠⌠½≤C

�GpGz�t�ú]A�π�⌠⌠ÑhAh��z��⌠�SwÑhC

p��÷ΩTA��\ IBM Security QRadar �zΓUC

�\⌠⌠Ñh

ziH�\⌠⌠ÑhC


{�

1. ÷@U�z��C

2. b�²íμñA÷@Ut�tmC

3. ÷@U⌠⌠Ñh��C

4. bW��μñAi} Regulatory_Compliance_ServersC

pG⌠⌠Ñh�]AXW�°A��≤AhiH∩�{��lí��ul≤v

�≤C

5. ÷@U�M� Regulatory_Compliance_ServersC

6. ÷@UsΦ��C

7. YnsW��°A�A�ϕ�UCBJG

a. b IP/CIDR μ�ñAΣJ��°A�� IP �}� CIDR d≥C

b. ÷@U (+) ��C

c. ∩��°A�½�WzBJC

d. ÷@UxsC

e. ∩zQnsΦ�⌠≤ΣL⌠⌠½��Bz{�C

8. b�z��\αϕWA÷@Uíp�≤C

ziH��s�⌠⌠w�ΩTA��Γ�≤stm�C QRadar SIEM ��t

�tm�ú��⌠⌠Ω�y{�ΦC

��≤s

�� QRadar SIEMAziH�N{�tm�A��πXw≤s�P{��C

QRadar SIEM Dx�s��⌠�⌠⌠A�α�¼≤s��C pGz�Dx�s

��⌠�⌠⌠Ah�tm í≤s°A�Cp�]w��≤s°A��÷ΩTA

��\ IBM Security QRadar ��ΓUC

q IBM Fix Central (www.ibm.com/support/fixcentral/) UⁿnΘ≤sC

≤s�iH]AUC≤s��G

v tm≤s��AΣñ]Atm��≤B�}BQID ∩M�w��ΩT≤s��C

v DSM ≤s��AΣñ]AσRD≤��B�y��≤�qT≤w≤s��C

v Dn≤s��AΣñ]Aw≤s JAR �º��C

v �n≤s��AΣñ]ABuWí� e�w≤s Script º��C

tm��≤s]w

ziH�q QRadar SIEM ≤s��B≤s�¼B°A�tm��≈]w�WvC

{�

1. ÷@U�z��C


3. ÷@U��≤s��C

4. b�²íμñA÷@U�≤]wC

5. ∩�≥��C

� 2 � }liμ QRadar SIEM íp 7

http://www.ibm.com/support/fixcentral/

6. b��≤s�{íμñA�ⁿw]��C

7. b≤s�¼íμñAtmUC��G

a. btm≤s��Mμ�ñA∩��≤sC

b. �ⁿUC��w]�G

v DSMB�y�BqT≤w≤s��

v Dn≤s��

v �n≤s��

8. Mú��íp�∩�C

�w]A�∩��∩�C pG�∩��∩�Aht�q��π�b÷ϕO��

WAⁿXz�bw�≤s��ºßíp�≤C

9. ÷@UiÑ��C

10. b°A�tmíμñA�ⁿw]��C

11. bΣL]wíμñA�ⁿw]��C

12. ÷@UxsA�÷¼u≤s��v°íC

13. buπCWA÷@Uíp�≤C

¼��≤

zL¼��≤AziHY��d�e� QRadar SIEM �ΘxC

{�

1. ÷@U�z��C

2. b�²íμñA÷@UΩ�� > �≤C

3. ÷@UΘx��C

4. �\Θx��MμA�∩Θx�iμ⌠≤n��≤C p�tmΘx��

÷ΩTA��\ IBM Security QRadar Θx��ΓUC

5. ÷¼uΘx�v°íC


¼�y{

zL¼�y{AziH�dD≈ºí�⌠⌠qTÑq@�C

}lºe

�{�úA�≤ IBM Security Intelligence on CloudCp�p≤b≤Ot�⌠⌠�m]�

pμ½��⌠��W��y{��÷ΩTA��\z��í�σ≤C

{�

1. ÷@U�z��C

2. b�²\αϕñA÷@UΩ�� > y{C

3. ÷@Uy{��C

4. �\y{��MμA�∩y{�iμ⌠≤n��≤C p�tmy{��

÷ΩTA��\ IBM Security QRadar �zΓUC

5. ÷¼uy{�v°íC



�J�}�q (VA) ΩT

zL�J�}�qΩTAziH�O@�ñ�D≈B}��≡�τb��}C

{�

1. ÷@U�z��C

2. b�²\αϕñA÷@UΩ�� > �}C

3. ÷@U�}�q�y��C

4. buπCWA÷@UsWC

5. ΘJ��C

��M≤zQnsW��y��¼C p��÷ΩTA��\ �}�qtmΓ

UC

½nGCIDR d≥ⁿw QRadar SIEM N� ⌠⌠πX��y�GC�pApGz

Qnw∩ 192.168.0.0/16 ⌠⌠i}�yA�ⁿw 192.168.1.0/24 @� CIDR d≥A

hu�πX� 192.168.1.0/24 d≥��GC

6. ÷@UxsC


8. ÷@U�{�}�q�y��C

9. ÷@UsWC

10. ⁿwzQn⌡μ�yºWv��hC

°�y�¼wA�h]A QRadar SIEM �J�y�G��s�y�WvCz

��ⁿwnb�y�Gñ]A�≡C

11. ÷@UxsC

QRadar SIEM �π

ziH�π QRadar SIEMAH�Xz⌠��nC

b�π QRadar SIEM ºeAÑ@�H² QRadar SIEM ��⌠⌠W�°A�Bxs

�≤�y{AH��≥≤{�Wh�≡�C

�z�iH⌡μUC�π@�G

v zLbΘxí��⌠⌠í��tLo� eW��tⁿ��A��≤�

y{��tⁿjMC

v zL��Γ�sW°A��m�⌠Aú�≤��lípM≤�μ��πC

v zL��∩�qWh�º��WhAtm∩�≤By{�≡�¼p��C

v TO⌠⌠ñC@�D≈��≡�ú≥≤�sWhBw��°A��⌠⌠ÑhC

��tⁿ��@�

��bΘxí��⌠⌠í��Wú��tLo�\αAjM�≤�y{��t

ⁿC

Yn��tLo�AziH��tⁿ��tLo� eC


��tⁿ��@�iα��Ct��αC b�tLo� eW��tⁿ��@

�ºßA�°��pΩ�C

p��z��pΩ��÷ΩTA��\ IBM Security QRadar �zΓUC

��tⁿ��@�

ziHzLbΘxí��⌠⌠í��tLo� eW��tⁿ��A��

≤�y{��tⁿjMC

{�

1. ÷@U�z��C


3. ÷@U��z��C

4. b�tjMμ�ñAΣJUC eG

�tLo�

5. ��½kΣ÷@UzQnss��tLo�C

6. ÷@U��C

7. ÷@UxsC

8. ÷@UTwC

9. ∩��G Yn��tⁿ��A�∩�UCΣñ@�∩�G

v ÷@U��C

v ��½kΣ÷@U eA�q\αϕñ∩��C

U@B

p�u��zv°íñπ�º��ΩTA��\ IBM Security QRadar �zΓ

UC

°A��m�⌠

QRadar SIEM ��⌠⌠ñ�°A�Aqú�≤��lípA�bo

⌠⌠�≤�≤�μaiμ�πC

YnTONAϕ�WhM��°A��¼AziHsW�O�m�π��}d≥ �

�mCziHΓ�Nú�X�@qT≤w�°A��¼ΘJ�U��uD≈wq�m

�⌠vñC �pANUC°A��¼sW��m�⌠AiHε�i@B�π�P��

nG

v N⌠⌠�z°A�sW� BB:HostDefinitionG⌠⌠�z°A��m�⌠C

v N Proxy °A�sW� BB:HostDefinitionGProxy °A��m�⌠C

v Nfr� Windows ≤s°A�sW� BB:HostDefinitionGfrwq�ΣL≤s°

A��m�⌠C

v N�}�q (VA) �y�sW� BB-HostDefinitionG�}�q�y�� IP �m�⌠C


u°A��v\α��Ωú]w�Ω�wA��⌠⌠W��¼�°A�C u°A

��v\α�CX��°A�AziH∩�Qn]Ab�m�⌠ñ�°A

�C

p��°A��÷ΩTA��\ IBM Security QRadar �zΓUC

��m�⌠AziHbΣLWhñ½��SwWh��C ziHzL��m�⌠

�π QRadar SIEM ��B�÷�WhAε��P�C

��sW°A��m�⌠

ziHN°A��sW��m�⌠C

{�

1. ÷@UΩú��C

2. b�²íμñA÷@U°A��C

3. b°A��¼MμñA∩�zQn��°A��¼C

N�l��Od�w]�C

4. ÷@U��°A�C

5. bu��°A�víμñA∩�zQnⁿú�°A�ñΓº��°A��∩�C

6. ÷@U�π∩��°A�C

OϕGziH��½kΣ÷@U⌠≤ IP �}�D≈WAHπ� DNS �RΩTC

Γ�sW°A��m�⌠

pG��°A�AziHΓ�N�°A�sW�Σ∩��uD≈wq�m�

⌠vC

{�

1. ÷@U≡��C

2. b�²íμñA÷@UWhC

3. bπ�MμñA∩��m�⌠C

4. bs�MμñA∩�D≈wqC

�m�⌠�W∩�≤°A��¼C �pABB:HostDefinitionGProxy °A�A

�≤⌠�ñ�� Proxy °A�C

5. YnΓ�sWD≈�⌠⌠A�÷ΓUAXz⌠��∩�uD≈wq�m�⌠vC

6. b�m�⌠μ�ñA÷@U�yϕ��a IP OUCΣñ@��ß�e�u

��C

7. bΘJ IP �}� CIDR μ�ñAΣJzQnⁿú��m�⌠�D≈W� IP �

}d≥C

8. ÷@UsWC

9. ÷@UúμC

10. ÷@U�¿C

11. w∩zQnsW�C@�°A��¼A½�WzBJC


tmWh

qΘxí�B⌠⌠í��≡��ñAziHtmWh��m�⌠C

{�

1. ÷@U≡��C

2. ÷ΓUzQn�d�≡�C

3. ÷@Uπ� > WhC

4. ÷ΓUWhC

ziHi@B�πWhC p��πWh��÷ΩTA��\ IBM Security QRadar

�zΓU

5. ÷¼uWhvδFC

6. buWhv��ñA÷@U�@C

7. ∩��G pGzQnεbWX≡�Od�íºßN≡�qΩ�wñ�úA�∩

�O@≡�C

8. ∩��G pGzQnN≡�ⁿú�Y� QRadar SIEM ��A�∩�ⁿúC

Mú SIM Ω��¼

Mú SIM Ω��¼HTOC@�D≈��≡�ú≥≤�sWhBw��°A��

⌠⌠ÑhC

{�

1. ÷@U�z��C

2. buπCWA∩�iÑ > Mú SIM �¼C

3. ∩�∩�G

v nMúAiN≡�]w�D@�ñC

v nMúft∩��≡��∩�Ai÷¼��≡�C

v wMúAi°ú��C

4. ÷@UzTwn½]Ω��¼�HΦ�C

5. ÷@U�≥iμC

6. �¿ SIM ½]Bz{�ºßA½sπzz�s²�C

�G

ϕzMú SIM �¼�A�÷¼��{�≡�C Mú SIM �¼ú�vT{��≤�y

{C


� 3 � }l�� QRadar SIEM

Yn}l�� IBM Security QRadar SIEMA�A�p≤�d≡�B��°iBjM�

≤By{�ΩúC

�pAziHzL��Θxí��⌠⌠í��ñ�w]wxsjMAjMΩTC z

]iH��xsz�v��qjMC

�z�iH⌡μUC@�G

v zL��Sw�hjM�≤Ω�A�b�GMμñπ��XjM�h��≤C ∩

�B��≤Ω��μC

v H°��ΦíY��°��dy{Ω�A��⌡μiÑjMHLoπ��y{C �°

y{ΩTAHPwp≤��⌠⌠Ω�yqAH�� ⌠⌠Ω�yqC

v �°��wA��ΩúA��jM⌠�ñ�SwΩúC

v �d⌠⌠W�≡�B�P��a IP �}B⌠⌠μ��º�C

v sΦB��B�{�tew]��q°iC

jM�≤

ziHjM QRadar SIEM bLh 6 �p�ñ¼��O�≤C

{�

1. ÷@UΘxí��C

2. buπCWA∩�jM > sjMC

3. bu�íd≥víμñAwq�≤jM��íd≥G

a. ÷@U�±C

b. b�±MμñA∩�e 6 �p�C

4. bujM��víμñAwqjM��G

a. b�@�MμñA∩��C

b. b�G�MμñA∩�Ñ≤C

c. b¬h��MμñA∩��OC

d. bCh��MμñA�ⁿw]�⌠≤C

e. ÷@UsWLo�C

5. bu�μwqvíμ�π�MμñA∩��≤W�C

6. ÷@UjMC

�÷u@:

� 18��yd�G≥≤wxs�jM��q°iz

ziHzL�JjM��q�hA��°iC

xs�≤jM�h

ziHxsⁿw��≤jM�hAH��C


{�

1. ÷@UΘxí��C

2. buπCWA÷@Uxs�hC

3. bjMW�μ�ñAΣJdjM 1C

4. bu�íd≥∩�víμñA÷@U�±C

5. b�±MμñA∩�e 6 �p�C

6. ÷@U]Ab��tjMñC

7. ÷@U]Ab��÷ϕOñC

pG�π�]Ab��÷ϕOñA�÷@UjM > sΦjMAHτ�zObu�

μwqvíμñ∩�F�≤W�C

8. ÷@UTwC

U@B

tm�í�C�ϕC p��÷ΩTA��\ytm�í�C�ϕzC

�÷u@:

ytm�í�C�ϕz

ziHπ�¼�í�í�C�ϕAΣNϕ�XSw�ííjjM�O²C

tm�í�C�ϕ

ziHπ�¼�í�í�C�ϕAΣNϕ�XSw�ííjjM�O²C

{�

1. b�ϕ�DCñA÷@Utm��C

2. bn�s��MμñA∩��a IP]�@p��C

3. b�ϕ�¼MμñA∩��í�CC

4. ÷@U��í�CΩ�C

5. ÷@UxsC

6. ÷@U≤s��Ω�C

7. Loz�jM�GG

a. ��½kΣ÷@UznLo��≤C

b. ÷@U≥≤�≤W��Lo�� <Event Name>C

8. Ynπ�÷��W��≤MμA�qπ�Mμñ∩��W�C

9. τ�z�jMb÷ϕO��WOiúG

a. ÷@U÷ϕO��C

b. ÷@Us�÷ϕO��C

c. bW�μ�ñAΣJd�q÷ϕOC

d. ÷@UTwC

e. bsW��MμñA∩�Θxí� > �≤jM > djM 1C


�G

wxs�≤jM��Gπ�bu÷ϕOvñC

�÷u@:

� 13��yxs�≤jM�hz

ziHxsⁿw��≤jM�hAH��C

jMy{

ziHY�jMB�°��dy{Ω�Cz]iH⌡μiÑjMAHLoπ��y

{C �°y{ΩTAHPwp≤��⌠⌠Ω�yqAH��≥⌠⌠Ω�yqC

{�

1. ÷@U⌠⌠í��C

2. buπCWA÷@UjM > sjMC

3. bu�íd≥víμñAwqy{jM�íd≥G

a. ÷@U�±C

b. b�±MμñA∩�e 30 �C

4. bujM��víμñAwqz�jM�hC

a. b�@�MμñA∩�y{ΦVC

b. b�G�MμñA∩�Ñ≤C

c. b�T�MμñA∩� R2LC

d. ÷@UsWLo�C

5. bu�μwqvíμ�π�MμñA∩��{íC

6. ÷@UjMC

�G

�π��Lh 30 ��y{ΦV�� (R2L) ��y{AH�÷��{í

μ�∩o y{iμ��C

xsy{jM�h

ziHxsⁿw�y{jM�hAH��C

{�

1. b⌠⌠í��uπCWA÷@Uxs�hC

2. bjMW�μ�ñAΣJWdjM 2C

3. b�±MμñA∩�e 6 �p�C

4. ÷@U]Ab��÷ϕOñ�]Ab��tjMñC

5. ÷@UTwC

U@B

��÷ϕO��C p��÷ΩTA��\� 16��y��÷ϕO��zC

�÷u@:

� 3 � }l�� QRadar SIEM 15

y��÷ϕO��z

ziHzL��xs�y{jM�hA��÷ϕO��C

��÷ϕO��

ziHzL��xs�y{jM�hA��÷ϕO��C

{�

1. b⌠⌠í�uπCWA∩��tjM > djM 2C

2. τ�z�jMO]Abu÷ϕOvñG

a. ÷@U÷ϕO��C

b. bπ�÷ϕOMμñA∩�d�q÷ϕOC

c. bsW��MμñA∩�y{jM > djM 2C

3. tmz�÷ϕO�ϕG

a. ÷@U]w��C

b. ��tm∩�A�≤w�s��B�π��½≤��B�ϕ�¼��ϕñπ�

��íd≥C

4. Yn�d�ϕñ�eπ��y{A�÷@Ub⌠⌠í�ñ�°C

�G

u⌠⌠í�v��π��X�í�C�ϕ��GC p��í�C�ϕ��÷Ω

TA��\ IBM Security QRadar ��ΓUC

�÷u@:

� 15��yxsy{jM�hz

ziHxsⁿw�y{jM�hAH��C

jMΩú

ϕzs�Ωú��A�π��uΩúv��J⌠⌠ñ��w��ΩúC Ynδ

��MμAziHtmjM��AHπ�zQn�d�Ωú]w�C

÷≤o�@�

��jM\αjMD≈]w�BΩú��OΩTC �OΩTú�≤h�Ω�A�p

⌠⌠W� DNS ΩTB��nJ� MAC �}C

{�

1. ÷@UΩú��C

2. b�²íμñA÷@UΩú]w�C

3. buπCWA÷@UjM > sjMC

4. pGzQnⁿJwxs�jMAh⌡μUCBJG

a. ∩��G bs�MμñA∩�zQnπ�bi��wxsjMMμñ�Ωúj

Ms�C

b. ∩�UCΣñ@�∩�G

v bΣJwxs�jM�qMμñ∩�μ�ñAΣJzQnⁿJ�jMWC


v bi��wxsjMMμñA∩�zQnⁿJ�wxsjMC

c. ÷@UⁿJC

5. bujM��víμñAwqz�jM�hG

a. b�@�MμñA∩�zQnjM�Ωú��C �pAD≈W�B�}�I�

��N��C

b. b�G�MμñA∩�zQn�≤jM��ó�C

c. b��μ�ñAΣJPjM��÷�SwΩTC

d. ÷@UsWLo�C

e. w∩zQnsW�jM�h�C@�Lo�A½�WzBJC

6. ÷@UjMC

d

z�¼�q�Aí��búϕQ� CVE ID CVE-2010-000C YnPwípñO�⌠

≤D≈e÷D��úϕQ��≡�A�⌡μUCBJG

1. qjM��MμñA∩��}í��C

2. ∩� CVEC

3. Yn�°e÷D��Sw CVE ID ≡�º��D≈�MμA�ΣJUCⁿOG

2010-000

p��÷ΩTA��\ Open Source Vulnerability Database (http://osvdb.org/) � (Na-

tional Vulnerability Database (http://nvd.nist.gov/)C

≡��d

��≡��AziH�d⌠⌠W�≡�B�P��a IP �}B⌠⌠μ��º�C

QRadar SIEM iH��≤�y{PP@≡��P⌠⌠o �≤ñ�≤h�⌠⌠Wº

��a IP �}�÷pC ziH��a�d⌠⌠ñ�C@�≡�C

�°≡�

ziH�d≡�B�P��a IP �}B⌠⌠μ��⌠⌠º�C

{�

1. ÷@U≡��C

2. ÷ΓUzQn�d�≡�C

3. buπCWA∩�π� > ��aC ziH�dC@��aAHPw��aOw

ⁿl�ϕ{Xi�μ�C

4. buπCWA÷@U�≤C

�G

u�≤Mμv°í�π�P≡��÷p��≤C ziHjMB��Loo �

≤C


http://osvdb.org/

http://nvd.nist.gov/

http://nvd.nist.gov/

d�G�� PCI °id�

��°i��AziH��B��sΦ°id�C

÷≤o�@�

��uΣIdú� (PCI)v°id�C

{�

1. ÷@U°i��C

2. Mú⌠�D@�ñ°i�∩�C

3. bs�MμñA∩�� > PCIC

4. ∩�MμW��°id�G

a. ÷@UMμW��@�°iC

b. zL÷ϕ Shift ΣA�÷@UMμW��ß@�°iA∩��°id�C

5. b�@MμñA∩��½�{C

6. s�ú �°iG

a. qú�°i�μñ�Mμ A∩�zQn�°º°i��íWOC

b. bμí�μñA÷@UzQn�°�°iμí��C

d�G≥≤wxs�jM��q°i

ziHzL�JjM��q�hA��°iC

÷≤o�@�

��zb� 13��yjM�≤zñ��≤�y{jM��°iC

{�

1. ÷@U°i��C

2. b�@MμñA∩��C

3. ÷U@BC

4. tm°i�{C

a. ∩�CΘ∩�C

b. ∩�uP�@vBuP�GvBuP�TvBuP��v�uP�¡v∩�C

c. ��MμA∩� 8:00 �W C

d. TOw∩�O - Γ�ú°i∩�C

e. ÷U@BC

5. tm°iGmG

a. bΦVMμñA∩�εVC

b. ∩�tΓ��ϕxs��GmC

c. ÷U@BC

6. b°i�Dμ�ñAΣJd°iC

7. tm��ϕxs�G

a. b�ϕ�¼MμñA∩��≤/ΘxC


b. b�ϕ�Dμ�ñAΣJd�≤jMC

c. bN�≤/Θx¡ε�eX�MμñA∩� 10C

d. b��¼MμñA∩�∩�°°�C

e. ÷@Ue 24 �p��Ω�C

f. b�≤°i�≥ªMμñA∩�djM 1C

��djM 1wxsjMñ�]w��N e�J�l��ñC

g. ÷@Uxsxs��Ω�C

8. tm��ϕxs�G

a. b�ϕ�¼MμñA∩�y{C

b. b�ϕ�Dμ�ñAΣJdy{jMC

c. bNy{¡ε�eX�MμñA∩� 10C

d. b��¼MμñA∩�∩�°°�C

e. ÷@Ue 24 �p��Ω�C

f. bi��wxsjMMμñA∩�djM 2C

��djM 2wxsjMñ�]w��N e�J�l��ñC

g. ÷@Uxsxs��Ω�C

9. ÷U@BC

10. ÷U@BC

11. ∩�°iμíG

a. ÷@U PDF � HTML �∩�C

b. ÷U@BC

12. ∩�°iteqDG

a. ÷@U°iD�xC

b. ÷@Uqll≤C

c. bΘJ°i��aqll≤�}μ�ñAΣJz�qll≤�}C

d. ÷@U]A°i@��≤C

e. ÷U@BC

13. �¿�u°ivδF�Ω�G

a. b°ií�μ�ñAΣJd��í�C

b. ÷@UO - bδF�¿�⌡μ°iC

c. ÷@U�¿C

14. ��ú�°i�μñ�Mμ�A∩�°i��íWOC

�÷u@:

� 13��yjM�≤z

ziHjM QRadar SIEM bLh 6 �p�ñ¼��O�≤C



n�

�ΩTYw∩ IBM bⁿΩ�ú�ºú�PA�}oC

bΣLΩa�a�ñAIBM úúo�ú��σ≤�ú�ºU�ú�BA�\αC�ó

ϕa� IBM �NϕAH�oϕa�eú��ú�MAº�÷ΩTC�σ≤bú

� IBM �ú�B{í�A�Aúϕ��t�uα�� IBM �ú�B{í�AC

un�I� IBM ºz]úvA⌠≤\α�ϕºú�B{í�A�i�N IBM º

ú�B{í�ACúLA⌠≤D IBM ºú�B{í�AA��μtd@

�º�⌠Mτ�d⌠C

�σ≤�í�ºDD eAIBM iα��ΣMQ�MQ��Cú��σ≤úNϕ��

o MQ��vC ziH�úX�vd Aτ�H�G

IBM Director of Licensing

IBM Corporation

North Castle Drive

Armonk, NY 10504-1785 U.S.A.

pGO�÷��r� (DBCS) ΩT��vd A�ó �bΩ� IBM z]úí

�A��úX�vd Aτ�H�G

Intellectual Property Licensing

Legal and Intellectual Property Law

IBM Japan Ltd.

19-21, Nihonbashi-Hakozakicho, Chuo-ku

Tokyo 103-8510, Japan

IBM Hu{¼vú��Aúú�⌠≤��q�ºO� (]A²ú¡≤iΓ��

�XSw��O�)C � a�bSwμ÷WAú�\�ú��t��O�A]�A

o�n�ú@wAXzC

�ΩTñiα��NW��LΩW��C ]�AIBM �w��qF�N�qß

� e�Js�ñC IBM H��∩i�/��≤�X��ú��ú��/�{íAút

μq�C

�ΩTñ⌠≤∩D IBM ⌠�� z��AIBM ∩�⌠��úú�⌠≤O�Co

⌠��ú��Ω�úO IBM �ú��Ω� eApGn��o ⌠��Ω�Az�

�μßIC

IBM oHU� IBM {�Aϕ�Φí��¼Q�ßú��⌠≤ΩTAL�∩Q�

ßtdC

pG�{íº≥�vH�F (i) b�O��{íMΣL{í]]A�{í�ºíμ½

ΩTAH� (ii) �¼��μ½�ΩTA]�n�÷�ΩTA�ó G


IBM Director of Licensing

IBM Corporation

North Castle Drive, MD-NC119

Armonk, NY 10504-1785US

o ΩTi�Aϕ°��oAbY ípU�IOΦo��C

IBM ≥≤ IBM �ßX�BIBM Ω�{í�vX��Φº⌠≤PÑX��°�Aú

��σ≤�ú��v{íPΣ��A��vΩ�C

C��αΩ��ßd��≤í��CΩ��α�Giα��Sw�tm�@

�°≤úPC

�σ≤�ú�ºD IBM ú�ΩTA��ú��A�ΣoG�n��ΣL�}�

DCIBM ��Lo ú�A]LkT{o D IBM ú��⌡μ�αB�e��⌠

≤∩ú��ΣLDiO��L�C�÷D IBM ú��αD��ó �ú��

��C

�÷ IBM ��V�⌠≤n�ANϕ IBM ��M��A�iα≤��²n��

ípU��M�C

π�� IBM �μ� IBM ��sΓ�AiH��≤útμq�C gP�º

�μiP�úPC

�ΩTt�Θ��B@��Ω�M°id�C �D¿iαa�πí�Ad�]AF

�HB�qB�PMú��WC ��o WúOΩc�Ap�⌠≤�ⁿΩ�°��

��W�a}ºBA��XC

��

IBMBIBM �x� ibm.com® O International Business Machines Corp. b@�\h�

��U��U��CΣLú��AWiαO IBM �ΣL�q��CIBM

��sMμibUC⌠}W� ″Copyright and trademark information ñΣ�G

www.ibm.com/legal/copytrade.shtmlC

Java M��H Java �≥ª��xO Oracle �]��Σl�q��U�

�C

MicrosoftBWindowsBWindows NT � Windows �xO Microsoft Corporation bⁿΩ

�/�ΣLΩa�a��C

ú�í�σ≤�°�

o X��\ivOϕ�UC°��C


http://www.ibm.com/legal/copytrade.shtml

A��

o °�O IBM ⌠��⌠≤��°��W°�C

�H��

Q�ßiH½εo X��AH�≤Q�ß�H�D��A�Od��vQn�

°�CDg IBM �\iAQ�ßúo¼Bπ��s@o X��Σñ⌠≤í�

�l @C

��

Q�ßiHb°� í½εB¼Mπ�o X��A�Od��vQn�°�C

Dg IBM �σPNAQ�ßúob°�ís@o X��l @A�½εB

¼�π�o X��Σñ⌠≤í�C

vQ

úF�\ivñ�T��ºv¡A�∩X��t⌠≤ΩTBΩ�BnΘ�ΣL

z]úA�T�⌠t��⌠≤ΣLv¡BnΘ��v�vQC

IBM OdH��μM�b��ºv¡�vQAϕX��≤ΣQq]� IBM

Pw��Aú�Aϕϕ�Wzⁿ�C

úD��ϕu@�A�ºk�W�]]A��ⁿΩXfk�W��AhQ�ßúo

UⁿBXf�AXf�ΩTC

IBM úO�o X�� e��T�CIBM Hu{¼vú��Aúú�⌠≤�

��q�ºO� (]A²ú¡≤iΓ��XSw��O�)C

IBM uW⌠pvn�

IBM nΘú�]]AnΘYA (SaaS) �MΦ�nΘAYunΘú�PAv�i

α�� Cookie �ΣL�N¼�ú��ΩTAH�U≤∩@δ��ΘτB�q

P@δ��¼��≤ΣL��Cb\hípUAunΘ��vú�¼�⌠

≤�H�OΩTC ��í�unΘ��v�U≤²zα¼��H�OΩTC p

G�unΘ��v�� Cookie ¼��H�OΩTAhHUúX��

Cookie ��÷ΩTC

°íp�tmwAunΘú�PAviα��Ñq@� Cookie ¼�C��

Ñq@� IDA�≤Ñq@��zM�OC o Cookie iH��A²Oo]NRúª

��\αC

pG��unΘ��víp�tm²z��ßα≈zL Cookie �ΣL�NAq@

δ��¼��H�OΩTAh��dA�≤��Ω�¼�º⌠≤k��z�v�

Xk��AΣñ]Aq��PN�⌠≤�DC

p�w∩o ��U��N]Σñ]A Cookie��÷ΩTA��\ Cook-

ies, Web Beacons and Other Technologies ñ� IBM ⌠pv�h]⌠}� http://

www.ibm.com/privacy �AH� IBM �uW⌠pv°�]⌠}� http://www.ibm.com/

privacy/details�AH�uIBM nΘú��nΘ@�A⌠pv°�v]⌠}� http://

www.ibm.com/software/info/product-privacy�C

n� 23

http://www.ibm.com/privacy


http://www.ibm.com/privacy/details/us/en/


http://www.ibm.com/software/info/product-privacy


⌠pv°��q

IBM nΘú�]]AnΘYA (SaaS) �MΦ�nΘAYunΘú�PAv�i

α�� Cookie �ΣL�N¼�ú��ΩTAH�U≤∩@δ��ΘτB�q

P@δ��¼��≤ΣL��Cb\hípUAunΘ��vú�¼�⌠

≤�H�OΩTC ��í�unΘ��v�U≤²zα¼��H�OΩTC p

G�unΘ��v�� Cookie ¼��H�OΩTAhHUúX��

Cookie ��÷ΩTC

°íp�tmwAunΘú�PAviα��Ñq@� Cookie ¼�C��

Ñq@� IDA�≤Ñq@��zM�OC o Cookie iH��A²Oo]NRúª

��\αC

pG��unΘ��víp�tm²z��ßα≈zL Cookie �ΣL�NAq@

δ��¼��H�OΩTAh��dA�≤��Ω�¼�º⌠≤k��z�v�

Xk��AΣñ]Aq��PN�⌠≤�DC

p�w∩o ��U��N]Σñ]A Cookie��÷ΩTA��\ Cook-

ies, Web Beacons and Other Technologies ñ� IBM ⌠pv�h]⌠}� http://

www.ibm.com/privacy �AH� IBM �uW⌠pv°�]⌠}� http://www.ibm.com/

privacy/details�AH�uIBM nΘú��nΘ@�A⌠pv°�v]⌠}� http://

www.ibm.com/software/info/product-privacy�C








Wⁿ��

�Wⁿ��ú� IBM Security QRadar SIEM nΘ�

ú��NyMwqC

�Wⁿ��ñ��UCμ¼��G

v ��\ ��zqD�n�Ny��n�NyA

�qYg��≈X�μíC

v t��\ ²z��÷�∩�NyC

p�ΣLNyMwqA��\ IBM Terminology ⌠�

]bs°íñ}��C

yT�z y��z y¡�z � 26��y�z �

26��yC�z � 26��yK�z � 26��yE

�z � 26��yQ�z � 27��yQ@�z �

27��yQG�z � 28��yQT�z � 28��

yQ��z � 29��yQC�z � 29��yQK

�z � 29��yQE�z � 29��yAz � 29

��yCz � 29��yDz � 29��yFz � 30

��yHz � 30��yIz � 30��yLz � 30

��yMz � 30��yNz � 30��yOz � 30

��yQz � 30��yRz � 30��ySz � 30

��yTz � 31��yWz

T�

ljM (sub-search)ib@��¿�jM�Gñ⌡μjMd �

\αC

l⌠⌠ (subnet)��\l⌠⌠ (subnetwork)C

l⌠⌠ (subnetwork, subnet)��p�W�ls�A²�Mμ¼s��

⌠⌠C

l⌠⌠Bn (subnet mask)∩≤⌠�⌠⌠l⌠⌠A32 ��Bn�≤�O

IP �}�D≈í�ñ�l⌠⌠�}��C

��

Θx�� (log source)ú �≤Θx�w�]��⌠⌠]�C

Θx�� (log source extension)]t�O��≤ eº�≤��

�Wϕ�í¼�� XML �C

�e�� (content capture)�≤��itm��tⁿqAMßNΩ�

xsby{Θxñ�Bz{�C

¡�

�� (Local To Local, L2L)Pq@��⌠⌠�t@��⌠⌠� í

Ω�yq�÷C

�� (Local To Remote, L2R)Pq@��⌠⌠�t@��⌠⌠� í

Ω�yq�÷C

ia� (credibility)0-10 ºí��±vA�≤Pw�≤�≡�

��π�Cbh��°i�P�≤�≡�

�Aia��W[C

�ß� (client)�≤nD°A�ú�A�nΘ{í�q

úC

í�y�m (external scanning appliance)s��⌠⌠AH¼�⌠⌠ñΩú��÷�}

ΩT�≈�C

Dn HA D≈ (primary HA host)s�� HA O��DnqúC

D�x (console)@ iHqñε�[εt�@��π�

�C

D≈⌠�wq (host context)�≤�°�≤�AAHTOC��≤pw

�δB@C

[K (encryption)bqúw�ñA�Bz{��≤NΩ�α½

�Lkδ��μíAq�lΩ�Lk�

oA�uα��KBz{��oC


http://www-306.ibm.com/software/globalization/terminology/

��

@��}�t� (Common Vulnerability Scor-ing System, CVSS)

�q�}Y½��t�C

��tⁿΩ� (payload data)]tb IP y{ñ��{íΩ�]úF�Y

��zΩTH�C

�Dt��X (autonomous system number,ASN) b TCP/IP ñAOⁿ�ⁿú IP �}��P�

zñ�ⁿú��Dt��XC�Dt��

Xi²��etΓk�O�Dt�C

μ� (behavior)@��≤�i[ε�GA]AΣ�GC

�n HA D≈ (secondary HA host)s�� HA O��RqúCpGDn HA

D≈óA�n HA D≈�ßDn HA D

≈�d⌠C

C�

≡� (offense)��°�°≤�e�Tº�ú ��

≤C�pA≡�Nú��hOwHI�⌠

⌠O�Dⁿ≡��÷ΩTC

@�ñ�t� (active system)b¬i�� (HA) O�ñAOⁿπ��

b⌡μ�A�t�C

�}�RqT≤w (Address Resolution Proto-col, ARP)

�≤N IP �}��∩M��⌠⌠ñ�⌠⌠

t�d�}�qT≤wC

¡ (identity)�Ω��XANϕ�HB�

�B�m��C

t�°� (system view)H°�Φíe{�¿t��Dn�ⁿ�zD

≈C

�π⌠�W� (fully qualified domain name,FQDN)

b⌠�⌠⌠qTñAOⁿD≈t��WA

]A⌠�W��lWC�pA�π⌠

�W� rchland.vnet.ibm.comC

�π⌠⌠W� (fully qualified network name,FQNN)

b⌠⌠ÑhñAOⁿ]A��í��½≤W

C�pA�π�⌠⌠W�

CompanyA.Department.MarketingC

K�

≈�� (key file)bqúw�ñA]t�}≈�BpK≈�B

H⌠��C

E�

�÷� (relevance)⌠⌠W�≤B��≡��∩vT�qC

½sπzp�� (refresh timer)Γ��w��o� í�mA�≤≤s

{μ⌠⌠í�Ω�C

½��y{ (duplicate flow)qúPy{�¼��PΩ��Θ�h�

Ω�C

H⌠xsw�� (truststore file)]tH⌠ΩΘº�}≈��≈�Ω�w�C

IJ �t� (intrusion detection system, IDS)�nΘ�≤��∩�≤⌠⌠�D≈t�@í

��ⁿ�°Ω��≡��¿\≡�C

IJw�t� (intrusion prevention system, IPS)�≤��τbcNí��t�C�≈

εiαA�LoBl��]wtv¡εC

�Rt� (standby system)b@�ñ�t�ó�A��¿@�ñ

�t�CpGw�� gAh�q@�

ñ�t��gΩ�C

�O (magnitude)Sw≡��∩½n��qC�OO��

�÷�BY½��ia�pΓ�[v�C

Q�

¬i�� (high availability, HA)PO�t��÷A�t��b�I��n{

íó�iμ½stmAHKu@qiH½

ste�O�ñ��l�IC


σR�� (parsing order)��iwqΘx�]@�@δ IP �}�

D≈W�º½n��Θx�wqC

y{ (flow)bμ��ízL��μ@Ω��ΘC

y{Θx (flow log)y{O²��XC

y{�� (flow sources)qñ��y{��Cy{�by{�

ⁿ�zD≈Ww��wΘ�� íAb

y{�e�y{¼��íC

qT≤w (protocol)@�WhA�≤εqT⌠⌠ñΓ�HW�

m�t�ºí�Ω�qT��eC

Q@�

Wh (rule)@�°≤í»zíAi²qút��O÷Y

��a⌡μ��C

�y� (scanner)jM Web ��{í �nΘ�}��w

�{íC

�ε (recon)��\�εC

�ε (reconnaissance, recon)¼�⌠⌠Ω�¡��÷ΩT�ΦkCiH�

�⌠⌠�y�ΣL�Ns⌠⌠Ω��≤

MμAMßVΣⁿúY½�h�C

��⌠⌠ (local area network, LAN)�≤s�¡ε��]pμ@jH��Θ�ñ

��mBiHs��≤j⌠⌠�⌠⌠C

º� (anomaly)P⌠⌠w�μ��tC

�p� (accumulator)@��s�AYBΓ�@�BΓ�iHxs

bΣñAHß�BΓ��G��N�BΓ

�C

�AD≈tmqT≤w (Dynamic Host Configu-ration Protocol, DHCP)

�≤�ñ�ztmΩT�qT≤wC�pA

DHCP ��N IP �}ⁿú�⌠⌠ñ�q

úC

��ϕ (reference table)�ϕμñ�Ω�O²Nwⁿú�¼��Σ

∩M�ΣL��ΣAMßA∩M�μ��C

�� (reference set)q⌠⌠W��≤�y{l �μ��M

μC�pAIP �}MμA��WM

μC

��∩M (reference map)N��Σ��∩M��Ω�O²A�pA

N��W∩M�s� IDC

��∩M� (reference map of sets)N@��Σ∩M�h��Ω�O²C�

pANS\��Mμ∩M�@�D≈C

QG�

°i (report)bd �zñA⌡μd �NμíM��Σ

ñ�ú �μí�Ω�C

°iíj (report interval)itm��ííjAb�íj�⌠�A�≤

Bz��N��w��≤�y{Ω��

e�DxC

¡I (leaf)b≡¼�cñAOⁿS�l��

IC

}±ít�¼s (OSI)�X�≤μ½ΩT�uΩ�� (ISO)v

��º}±ít�¼pC

}±{íX�}Ω�w (Open Source Vulnerabil-ity Database, OSVDB)

�⌠⌠w��s��}±{íXΩ�wA

iú��÷⌠⌠w��}��NΩTC

HW (violation)ñL�H��q�h��@C

L�O�í⌠��e (Classless Inter-DomainRouting, CIDR)

�≤sW�O Cu⌠�⌠⌠qT≤w (IP)v

�}�ΦkCo �}ú��u⌠�⌠⌠A

�� (ISP)v��ß��CCIDR �}

iε��eϕ�jpA��≤h IP �}b�

� i�C

Wⁿ�� 27

QT�

�� (Remote To Local, R2L)q��⌠⌠��⌠⌠�íΩ�yqC

�� (Remote To Remote, R2R)qY��⌠⌠�t@��⌠⌠�íΩ

�yqC

hD (gateway)�≤s�π�úP⌠⌠[c�⌠⌠�t��

�m�{íC

�Θ�εqT≤w (Transmission Control Proto-col, TCP)

⌠�⌠⌠�⌠≤ϕ��≤⌠�⌠⌠qT≤w

�u⌠�⌠⌠u{u@p� (IETF)v��ñ

��qT≤wCTCP b�]μ½�qT⌠

⌠��⌠⌠�μ¼s�t�ñú�Fia

�D≈∩D≈qT≤wCt��\⌠�⌠⌠

qT≤w (Internet Protocol)C

�eWh (routing rule)@�°≤Ab�≤Ω�í¼Σ�h�A�⌡

μ°≤�Hß�e��XC

Ω�w¡I½≤ (database leaf object)Ω�wÑhñ��≈½≤��IC

Ω�I (datapoint)��I��q��pΓ�C

Ωú (asset)wíp�Qnb@�⌠�ñíp�i�z½

≤C

�mΣ�� (Device Support Module, DSM)@�tm�A�≤σRqh�Θx��¼

��≤A�Nª�α½�i@�ΘXπ��

��[cμíC

Q��

�q¼�²s�qT≤w (Lightweight DirectoryAccess Protocol, LDAP)

@�}±íqT≤wAª�� TCP/IP ú

�Σ� X.500 �¼��²�s�vABú�

�P≤�°� X.500u�²s�qT≤w

(DAP)v�Ω��DC�pAziH��

LDAP b⌠�⌠⌠� í⌠⌠�²ñMΣH

B��ΣLΩ�C

∩M�� (reference map of maps)NΓ��Σ∩M�h��Ω�O²C�

pAN��{í��∩M��

IPC

�z@� (administrative share)∩L�zM�v��⌠��⌠⌠Ω�C

�z@��z�ú�⌠⌠t�W��Ω�

�s�vC

�P (false positive)k��Mw�I�≡��G

]ⁿX⌠�e÷D�≡��Ω�WLI�≡

�]úO�}�C

{� (credential)�≤�P��Bz{�Sws�v�Ω

T�C

�I (endpoint)⌠�ñ API �A��}CAPI �}�IA

�BP�IsΣLA��IC

�} (vulnerability)@�t�Bt�nΘ��nΘ�≤ �w

�n�C

Ω��y (live scan)i��Ñq@�Wq�y�Gñú °i

Ω��}�yC

⌠}α½ (Network Address Translation, NAT)b⌡≡ñAOⁿNw��u⌠�⌠⌠qT

≤w (IP)v�}α½�ín²��}Co

�iPí⌠⌠iμqTA²�Bnb⌡

≡ �� IP �}C

⌠�W�t� (Domain Name System, DNS)�≤N⌠�W∩M� IP �}��íΩ�

wt�C

⌠⌠½≤ (network object)⌠⌠Ñh��≤C

⌠⌠Ñh (network hierarchy)@�xs��¼AO⌠⌠½≤�Ñhí�

XC

⌠⌠h (network layer)b OSI [cñAOⁿú�A�hAibπ

�iw�A�Φ�}±ít�ºí��⌠

C

⌠�⌠⌠A�� (Internet service provider,ISP) iú�⌠�⌠⌠s�v��C


⌠�⌠⌠qT≤w (Internet Protocol, IP)�≤zL⌠⌠�¼p⌠⌠�eΩ��qT≤

wC�qT≤w�@�¬qT≤whPΩΘ

⌠⌠ºí�CCt��\�ΘεqT≤

w (Transmission Control Protocol)C

⌠�⌠⌠�εTºqT≤w (Internet Control Mes-sage Protocol, ICMP)

hD��⌠�⌠⌠qT≤wA�≤P�

D≈qTA�pA°iΩ�]ñ��C

QC�

EW (burst)eJ�≤�y{tv≡M@WA��vy{

��≤tvWX¡εC

pXíj (coalescing interval)�X�≤�íjCH 10 ϕ�íjiμ�≤

�XABHP⌠≤�epX�≤ú��

@��≤}lCbpXíj AeT��

�≤��X��e��≤Bz�C

��{í�� (application signature)�@�Φ�A��]��tⁿ��dl A

Mß�≤�OSw��{íC

QK�

α��a (forwarding destination)�≤qΘx��y{��¼�lM�W

�Ω��@�HW��t�C

O�Ω� IP �} (cluster virtual IP address)bDn��nD≈P HA O�ºí@�� IP

�}C

�÷⌠⌠�zqT≤w (Simple Network Manage-ment Protocol, SNMP)

@�qT≤wA�≤�°�í⌠⌠ñ�t�

��mCbu�zΩTw (MIB)vñwq�

xsⁿ�z�m��÷ΩTC

°Ω¼Tº�OX (Hash-Based Message Authen-tication Code, HMAC)

��[K�°Ωτ��K≈��[KXC

≈�� (offsite target)�≈Dn�x�q�≤ε��¼�≤�Ω

�y{��mC

≈�� (offsite source)�≈Dn�x��mA�≤N�W�Ω�α

��≤¼��C

QE�

Y½� (severity)�∩��a�P��÷��qC

A

ARP ½s�V (ARP Redirect)b⌠⌠sbD�Aq�D≈�@� ARP

ΦkC

ARP ��\�}�RqT≤w (Address Resolu-

tion Protocol)C

ASN ��\�Dt��X (autonomous system

number)C

C

CIDR ��\L�O í⌠��e (Classless Inter-

Domain Routing)C

CVSS ��\@��}��t� (Common Vulner-

ability Scoring System)C

D

DHCP ��\�AD≈tmqT≤w (Dynamic Host

Configuration Protocol)C

DNS ��\⌠�Wt� (Domain Name Sys-

tem)C

DSM ��\�mΣ�� (Device Support Mod-

ule)C

F

FQDN ��\�π⌠�W (fully qualified domain

name)C

FQNN ��\�π⌠⌠W (fully qualified net-

work name)C

Wⁿ�� 29

H

HA O� (HA cluster)�Dn°A��@��n°A��¿�¬i

��tmC

HA ��\¬i��C

HMAC ��\°Ω¼Tº�OX (Hash-Based Mes-

sage Authentication Code)C

I

ICMP ��\⌠�⌠⌠εTºqT≤w (Internet

Control Message Protocol)C

IDS ��\IJ��t� (intrusion detection sys-

tem)C

IP h½�e (IP multicast)Nu⌠�⌠⌠qT≤w (IP)vΩ�]�Θ�

t��AH�¿μ@h½�es�C

IP ��\⌠�⌠⌠qT≤w (Internet Proto-

col)C

IPS ��\IJwt� (intrusion prevention sys-

tem)C

ISP ��\⌠�⌠⌠A�� (Internet service

provider)C

L

L2L ��\�� (Local To Local)C

L2R ��\�� (Local To Remote)C

LAN ��\��⌠⌠ (local area network)C

LDAP ��\q¼�²s�qT≤w (Light-

weight Directory Access Protocol)C

M

Magistrate�≤��wq��qWh�R⌠⌠Ω�yq

�w��≤� í�≤C

N

NAT ��\⌠}α½ (Network Address Transla-

tion)C

NetFlow�≤�°⌠⌠Ω�yqy{Ω�� Cisco ⌠

⌠qT≤wCNetFlow Ω�]A�ß�M°

A�ΩTB��≡AH�zLs��⌠⌠

�μ½�M⌠��y��M�]�

�CΩ��e�iμΩ��R� NetFlow ¼

��C

O

OSI ��\}±ít�¼s (open systems inter-

connection)C

OSVDB��\}±{íX�}Ω�w (Open Source

Vulnerability Database)C

Q

QID ∩M (QID Map)��[c�≤�OC��@��≤A�N

�≤∩M�CÑM¬Ñ��AHPw�÷p

M��≤�ΦíC

R

R2L ��\�� (Remote To Local)C

R2R ��\�� (Remote To Remote)C

S

SNMP ��\�÷⌠⌠�zqT≤w (Simple Net-

work Management Protocol)C

SOAP @�q¼ XML ¼qT≤wA�≤bD�

ñ��í⌠�ñμ½ΩTCSOAP iH�

≤d ��ΩTA�Is⌠�⌠⌠ñ�A

C

superflow]th�π��ⁿ eºy{AHzLε�

xsΘ¡εW[Bzeq�μ@y{C

T

TCP ��\�ΘεqT≤w (Transmission Con-

trol Protocol)C


W

whois °A� (whois server)�≤��wn²⌠�⌠⌠Ω��÷ΩT

]p⌠�W� IP �}tm��°A�C

Wⁿ�� 31


��

��HñσrA�σrA�S

ϕ��º��CC

e��fWⁿ�� 25




IBM®

Printed in Taiwan

Documents

QRadar SIEM JUpublic.dhe.ibm.com/software/security/products/qradar/...Yn IBM Security QRadar ú ñ \α u@Az Σ Web s² C ϕzs QRadar t A ú zΘJ W PKXC W PKX z ²tmC UϕCXFΣ Web s²