Hello Community
Has anyone made the switch from QRadar to Chronicle? What were the biggest challenges and benefits you encountered?
Also, how did you approach translating your QRadar network hierarchy into Chronicle?
Hi Rached,
I've worked with plenty of customers converting from one SIEM to SecOps. The hierarchy is very specific to every particular customer's needs.
The biggest challenges are typically one of these:
1.) Rerouting the Windows endpoint traffic using WEF/WEC, Bindplane, Cribl, NXLog or, for cloud-based MS endpoints, how to get data from Blob or Event Hub Storage.
2.) Ingestion/parsing: making sure the biggest data sources are addressed immediately and any need for parsing updates is identified and addressed.
3.) Rule converting. There are tons of curated detections which cover a large portion of an organization, but there's also going to be a bunch of custom rules that will need conversion as well.
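For the network-hierarchy part of the question, here is an added example (not code from either post, nor from IBM or Google) that turns a QRadar hierarchy export into the flat CIDR list a Chronicle reference list expects and keeps a most-specific-first name map so detections can still label an IP the way QRadar's hierarchy did. The export shape (fields `group`, `name`, `cidr` from the QRadar network hierarchy API) is assumed, and the sample data is constructed; nested networks, which QRadar allows but a flat list does not express, are reported rather than silently merged.

```python
"""Translate a QRadar network hierarchy export into Chronicle reference-list
lines (CIDR type) plus a name lookup, flagging nested networks."""
import ipaddress
import json

# Constructed sample shaped like a QRadar network hierarchy API export
# (field names are an assumption; real exports carry more fields). IPv4 only.
QRADAR_EXPORT = json.dumps([
    {"id": 1, "group": "Internal", "name": "Corp-Users", "cidr": "10.10.0.0/16"},
    {"id": 2, "group": "Internal", "name": "Servers", "cidr": "10.20.0.0/16"},
    {"id": 3, "group": "Internal", "name": "VDI", "cidr": "10.10.5.0/24"},
    {"id": 4, "group": "DMZ", "name": "Web-DMZ", "cidr": "192.0.2.0/24"},
    {"id": 5, "group": "Typo", "name": "Broken", "cidr": "10.30.0.0/33"},
])

def parse_hierarchy(raw):
    """Return (valid entries, rejected cidr strings). Host bits are tolerated
    (strict=False) as QRadar does; malformed masks are rejected, not guessed."""
    valid, rejected = [], []
    for item in json.loads(raw):
        try:
            net = ipaddress.ip_network(item["cidr"], strict=False)
        except ValueError:
            rejected.append(item["cidr"])
            continue
        valid.append({"name": f'{item["group"]}.{item["name"]}', "net": net})
    return valid, rejected

def find_overlaps(entries):
    """QRadar nests networks freely; a flat CIDR list does not. Report every
    pair where one network contains the other so an analyst can decide."""
    pairs = []
    for i, a in enumerate(entries):
        for b in entries[i + 1:]:
            if a["net"].subnet_of(b["net"]) or b["net"].subnet_of(a["net"]):
                pairs.append((a["name"], b["name"]))
    return pairs

def to_reference_list(entries):
    """One CIDR per line: the content of a Chronicle CIDR-type reference list."""
    return sorted({str(e["net"]) for e in entries})

def to_name_map(entries):
    """Most-specific prefix first, mimicking QRadar's hierarchy match order."""
    ordered = sorted(entries, key=lambda e: -e["net"].prefixlen)
    return [(str(e["net"]), e["name"]) for e in ordered]

def classify(ip, name_map):
    """Return the most specific hierarchy name containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for cidr, name in name_map:
        if addr in ipaddress.ip_network(cidr):
            return name
    return None
```

Feed `to_reference_list` into the reference list and keep `to_name_map` beside your converted rules; the overlap report is the part worth reviewing by hand before cut-over.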
Thanks for your reply