Aricoma CDC Platform

A cloud-native, open platform built on open technologies like containers and Kubernetes; with a rich ecosystem; and choice of deployment locations, you can securely deploy, run, and manage your data and applications on-premise or in the cloud of your choice, without the risk of lock-in.

The Aricoma CDC Platform for QRadar XDR include backup deletion, monitoring, network hierarchy parsing, prophylaxis, rule export, and VirusTotal integration. These applications enhance system performance, security, and incident response capabilities.Backup Deletion – this script is designed for the automated deletion of backups in QRadar when disk usage exceeds 90%. The automation prevents outages caused by a lack of free disk space, ensuring smooth system operation. The script regularly monitors available capacity and, upon exceeding the set limit, begins safely removing old backups according to predefined rules.

• Backup Deletion – this script is designed for the automated deletion of backups in QRadar when disk usage exceeds 90%. The automation prevents outages caused by a lack of free disk space, ensuring smooth system operation. The script regularly monitors available capacity and, upon exceeding the set limit, begins safely removing old backups according to predefined rules.
• Monitoring Scripts – scripts for monitoring outages of individual QRadar components have functionalities for generating syslog messages or sending email notifications. Besides standard monitoring processes, they include oversight of QRadar elements and applications not covered by built-in monitoring mechanisms. This allows for more effective detection of outages and their rapid escalation. The monitoring also incorporates advanced correlation rules that track log increases for specific groups of log sources and rules for detecting other anomalies involving parsing and correlation. This solution provides a flexible tool for improving insight into QRadar operations and minimizing the risk of unexpected problems.
• Network Hierarchy – this script is custom-made for a customer and is used for parsing HTML exports of their wiki that contains information about the network hierarchy. The parsed data is then stored in a JSON file in the required format, which is compatible with QRadar. The script allows for full automation and currency of the Network Hierarchy in SIEM.
• Prophylaxis Script – this script facilitates and accelerates system prophylaxis. The user only needs to replace the SEC token and IP address according to the specific customer (variables qradar_url and token). The script displays available API options directly in the console, allowing for quicker implementation of controls and automatic report generation. If a specific API function is not offered, the script provides an alternative procedure or the required AQL queries.
• Rule Exporter – this script combines the functions of the perl script contentManagement.pl and allows for easier export of rules from QRadar. It simplifies rule management and saves administrators' time through a more efficient data processing method.
• VirusTotal Info – this script enriches reports and AQL queries with three additional pieces of information obtained from the VirusTotal platform. This enables faster and more accurate detection of potential threats. The integration results provide administrators with more information for decision-making during incident analysis.

The Aricoma CDC Platform offer several significant benefits that enhance the performance, security, and incident response capabilities of QRadar XDR systems:

Overall, these extensions support a more robust, efficient, and secure QRadar XDR environment, reducing manual effort, preventing potential system issues, and enhancing threat detection and response capabilities.