IBM Certification C1000-156 Book

The primary method used by IBM QRadar SIEM V7.5 to alert users to problems is through System Notifications. Here’s how it works:

System Notifications: These are alerts generated by QRadar to inform users of various issues, such as system performance problems, license issues, or security incidents.

Visibility: Notifications are prominently displayed in the QRadar GUI, ensuring that administrators and users can quickly identify and respond to any problems.

Customization: Users can configure notification settings to receive alerts for specific types of issues, ensuring they stay informed about critical aspects of the system’s health and performance.

ReferencesIBM QRadar SIEM documentation outlines the use of System Notifications as theprimary method for alerting users to issues, detailing how to configure and manage these alerts.

To track network bandwidth violations by any application coming from your network source and report on all applications that create traffic along with the amount of data from each IP address, you need to store the IP address, the application, and the amount of data in a reference data collection. The appropriate type of reference data collection for this use case is a "Reference map." Here is why:

Reference Map: A reference map allows you to store key-value pairs where each key is unique. In this context, the key can be the combination of the IP address and the application, and the value can be the amount of data (total bytes).

Data Structure: This structure enables efficient lookups and updates, which is ideal for tracking and reporting bandwidth usage per application per IP address.

Use Case Suitability: The reference map is suitable for scenarios where you need to store and retrieve values based on a specific key, and it supports storing complex data structures efficiently.

This type of reference data collection supports the use case by allowing the storage and retrieval of detailed network traffic information per application and IP address.

ReferencesIBM Security QRadar SIEM and IBM Security QRadar EDR integration.pdf​