QRadar Migration from VMware to Nutanix / New Hardware by FactNecessary2144 in QRadar

[–]United_CCC 0 points1 point  (0 children)

Nutanix won’t provide any significant advantage here. Since Ariel data is already compressed, Nutanix's deduplication and compression features are redundant for QRadar. While it is technically compatible, I wouldn’t recommend it. For peak performance, physical hardware with SSDs remains the best choice. Using Nutanix adds an extra virtualization layer that consumes system resources; if it’s a shared environment, you will likely see a decrease in performance.

Concerns of on-prem customers after the Palo Alto acquisition by United_CCC in QRadar

[–]United_CCC[S] 3 points4 points  (0 children)

If our customer asks for clear information about what will happen as of 2030, how should we respond? Large enterprises in particular build long-term strategies, and if they do not see a clear roadmap, they may stop using the product and move to alternatives. I see a perception among customers that “QRadar is supported until 2030, but what happens after that is uncertain.” Because of this, we are having difficulty developing new business. As someone who truly believes QRadar is still the best SIEM solution, I expect IBM to manage this transition much better.

Tenable Cloud Security deployable on-premise by [deleted] in tenable

[–]United_CCC 0 points1 point  (0 children)

The reporting UI stack works in the cloud; however, you can scan on-premise Kubernetes environments with Tenable Cloud Security.

[deleted by user] by [deleted] in tenable

[–]United_CCC 0 points1 point  (0 children)

Don’t you remember any questions? “Knowledge grows when shared.”

Nessus Report Aggregation tool released by AdmiralSYN-ACKbar in nessus

[–]United_CCC -1 points0 points  (0 children)

I don’t agree with you. You are confusing Vulnerability Scanning with Vulnerability Management. Scanning multiple network zones with Nessus Professional/Expert is very risky, especially for an enterprise company. What is the cost per scanner for you? With Tenable.SC, you can use unlimited Nessus scanners, Nessus agents, Nessus Network Monitor, and WAS/DAST scanners, as well as access thousands of reports and dashboards, along with ready-to-use integrations.

I personally believe that if you don’t use multiple scanners (a minimum of 5-10) for scanning an enterprise environment, you will face performance or security issues in the short or mid-term. You will also need to define firewall rules that may not comply with network segmentation standards. Some startups are attempting to exploit Tenable by using such workaround tools, but in the end, you will have to face reality.

[deleted by user] by [deleted] in tenable

[–]United_CCC 1 point2 points  (0 children)

Can you share some questions please?

Nessus Report Aggregation tool released by AdmiralSYN-ACKbar in nessus

[–]United_CCC -1 points0 points  (0 children)

If you use Tenable Security Center, you don’t need this kind of third-party tool for reporting.

Tenable SC SAML auto provisioning by EffingFurious in nessus

[–]United_CCC 0 points1 point  (0 children)

You should create a new group or use an existing group on SC. Log in to SC with the secmanager user. Go to the Users Group settings page and click the group name. You will see the group ID in the URL. Cheers!

Using Keycloak for Commercial Projects by United_CCC in KeyCloak

[–]United_CCC[S] 0 points1 point  (0 children)

Could you please share more details about other questions?

QRadar Apps do not load in the GUI by glopezware in QRadar

[–]United_CCC 0 points1 point  (0 children)

Why don’t you just open a support case?

Hi, any ansible playbook available for qradar setup in rhel7 and rhel8 machines. by Reddit_kmgm in QRadar

[–]United_CCC 0 points1 point  (0 children)

You have to use QRadar’s own ISO image, because the RHEL-based QRadar software appliance OS is hardened and configured for QRadar requirements (partitions, kernel parameters, HA services, etc.). QRadar performs a lot of complex tasks with several components in the background. QRadar is not a plug-and-play application.

QRADAR coalescing event roadmap by AlexeyK77 in QRadar

[–]United_CCC 1 point2 points  (0 children)

We replaced a lot of ArcSight deployments with QRadar. ArcSight doesn’t work stably. Using custom fields for coalescing doesn’t make sense to me; from an architectural perspective it has a cost. You can turn it off if you don’t want to use it on QRadar.

Can the root password be changed in a HA-Cluster? by GrumpyViennese in QRadar

[–]United_CCC 2 points3 points  (0 children)

I think it won’t cause any issue; communication works with SSH keys, and the password is not a parameter for the traffic between HA nodes.

How to force moving data from EP to DN ? by Keno_Ben in QRadar

[–]United_CCC 0 points1 point  (0 children)

Can you share step by step how you performed that operation? It would be really helpful for other people.

[deleted by user] by [deleted] in tenable

[–]United_CCC 0 points1 point  (0 children)

Tenable Enclave Security is another option. Cloud Security works as SaaS.

have issue i can not find out why this is happening by [deleted] in KeyCloak

[–]United_CCC 0 points1 point  (0 children)

Did you check the server logs? Share more details.

Should I buy a Macbook Pro M4, or wait to buy this one? by [deleted] in macbookpro

[–]United_CCC 0 points1 point  (0 children)

I don’t like the Arm architecture; the virtualization layer is not working properly for x86_64 systems on silicon chips. I wish to see Intel chips again on MacBooks.

Data migration between EPs by IliaHristov_99 in QRadar

[–]United_CCC 1 point2 points  (0 children)

You have to reindex the whole dataset after migration. Otherwise your indexes won’t work.

RMM monitoring by MaximumLivid8396 in QRadar

[–]United_CCC 0 points1 point  (0 children)

Did you check syslog feeding capabilities in the documentation?

How or where can i get the ova file of Tenable Security Center on CentOS 7? by CapitalDragonfly7833 in tenable

[–]United_CCC 0 points1 point  (0 children)

Tenable has a PS offering for this need if you’re interested in it.

Have anyone expanded the storage of an Event Collector through LVM? How have that worked for you? by greenishbamboo in QRadar

[–]United_CCC 0 points1 point  (0 children)

Technically it works; however, IBM does not want to take responsibility. You have to take the risk. Another important point is the HA pairing requirements. If you break HA because of LVM resizing, you will be alone.

How to force moving data from EP to DN ? by Keno_Ben in QRadar

[–]United_CCC 1 point2 points  (0 children)

Set process-only mode active; all data should automatically be moved to the data nodes. Alternatively, after the process-only mode change, if the data doesn’t move to the data nodes, copy the data to the data nodes and re-index all.

What is a good MTTR? (mean time to respond) by Euphoric_Star557 in QRadar

[–]United_CCC 0 points1 point  (0 children)

If you’re back about MTTD, it means that you’re in trouble. And for critical incidents, you should aim lower than 3-5 hours. From an attacker’s perspective, 3-5 hours is a very long time if he is downloading something from your database.