List of terms and acronyms used by QRadar Support
What are the common terms and acronyms used by QRadar Support?
The following terms and acronyms are commonly used when working with QRadar Support.
Note: For a more generic set of terms and acronyms used across IBM, see IBM Terminology.
Authorized Program Analysis Report: A request for correction of a defect in a supported release of a program supplied by IBM.
A case is used to track a question, feedback, or an issue with your QRadar environment. This is used as the interface between a customer and the QRadar Support team.
Command-line interface: Direct access to the Red Hat Enterprise Linux (RHEL) system where specific commands can be run. Any file or database manipulation should be avoided without consulting QRadar Support.
Provides the QRadar product user interface. The interface delivers real-time event and flow views, reports, offenses, asset information, and administrative functions. In distributed QRadar deployments, use the QRadar Console to manage hosts that include other components.
Duty Manager: Link to Adrian's article when created
Data Node: Data Nodes enable new and existing QRadar deployments to add storage and processing capacity on demand as required. Data Notes increase the search speed on your deployment by allowing you to keep more of your data uncompressed.
Lenovo Dynamic System Analysis: Collects and analyzes system information to aid in diagnosing hardware issues. For steps on generating a DSA on QRadar, see Technote 1990898: QRadar: Dynamic System Analysis (DSA) report.
Event Collector: Gathers events from local and remote log sources. Normalizes raw log source events. During this process, the Magistrate component, on the QRadar Console, examines the event from the log source and maps the event to a QRadar Identifier (QID). Then, the Event Collector bundles identical events to conserve system usage and sends the information to the Event Processor.
Event Processor: Processes events that are collected from one or more Event Collector components. The Event Processor correlates the information from QRadar products and distributes the information to the appropriate area, depending on the type of event. The Event Processor can also collect events if you do not have an Event Collector in your deployment.
Flow Collector: Passively collects traffic flows from your network through span ports or network taps. The IBM Security QRadar QFlow Collector also supports the collection of external flow-based data sources, such as NetFlow.
An external IBM website from which installation packages of all IBM products for the fix pack and interim fix releases can be downloaded.
High-Availability: If your hardware or network fails, QRadar can continue to collect, store, and process event and flow data by using high-availability (HA) appliances. For more information, see HA overview on IBM Knowledge Center.
IBM Customer Number: A unique number that IBM issues its customers during the post contract signing entitlement process. For more information, see Technote 1507387: What is my IBM Customer Number (ICN)?
Managed Host: A non-console host in your QRadar environment, such as an EC, EP, or DN. For more information, see Managed hosts on IBM Knowledge Center.
QRadar Packet Capture: A network traffic capture and search application. You can use QRadar Packet Capture to search captured network traffic by time and packet envelope data. For more information, see Introduction to QRadar Packet Capture on IBM Knowledge Center.
Problem Management Record: A record of the activities performed during the course of resolving a customer reported problem. PMRs are no long used with QRadar Support as they have been replaced by cases.
QRadar Incident Forensics: Allows you to retrace the step-by-step actions of a potential attacker and quickly and easily conduct an in-depth forensics investigation of suspected malicious network security incidents. For more information, see IBM QRadar Incident Forensics.
QRadar Risk Manager: A separately installed appliance for monitoring device configurations, simulating changes to your network environment, and prioritizing risks and vulnerabilities in your network. QRadar Risk Manager is accessed by using the Risks tab on your IBM Security QRadar SIEM Console.
QRadar on Cloud: A cloud-based service of QRadar. QRadar on Cloud provides IBM security professionals to manage the infrastructure, while your security analysts perform the threat detection and management tasks. For more information, see QRadar on Cloud overview.
QRadar Vulnerability Manager: A network scanning platform that detects vulnerabilities within the applications, systems, and devices on your network or within your DMZ. QRadar Vulnerability Manager uses security intelligence to help you manage and prioritize your network vulnerabilities. For more information, see Overview of QRadar Vulnerability Manager on IBM Knowledge Center.
Request for Enhancement: Process to follow when asking for enhancements or requests for new features for IBM Security QRadar products. For more information, see Technote 1641764: Request for Enhancements.
User Interface: A web-based interface where you can view and manager your QRadar environment.