1. Introduction
Hello, in this article we will discover how to modify the configuration file of QRadar in order to unlock some cool features for testing purposes or to solve issues. Those options are, to be used in test environments preferably, that’s why it can have huge impacts on your infrastructure.
Warning: I am not responsible of any dysfunctionment of any kind that could occur after the application of actions described in this article. That is why, I must warn you and invite you when it is possible to make backups and test in developement environments before any changes.
2. HowTo
In QRadar, you will find most of the parameters in the following file:
/store/configservices/staging/globalconfig/nva.conf
To apply modifications on this file you will have to deploy the new configuration. The common way to do so is graphically via the Admin tab. Here some configuration examples you can modify:
- APP_CONSOLE_MEMORY_PERCENT
- CUSTOM_ACTION_TIMEOUT
The first parameter allows to define, in percentage, the quantity of RAM memory allocated to applications on the console. Indeed, by design and for the console integrity, QRadar limits the percentage of RAM memory that all applications can have. The default value is 10% and for All-In-One environments or in development environments this limit is quickly reached. That is why, increasing this value provides more flexibility. Howerver, you have to keep in mind that the RAM memory is not endless and other services in QRadar have to work properly to deliver full service such as the web server, collection services or databases services for example.
The second parameter is for the timeout, in seconds, for “Custom Script” functionnality. In fact, if you are using “Custom Script” to trigger and execute some code, QRadar keeps an eye on it and will kill the script if it lasts too long. Yet, you may want to increase this value to execute more complex scripts or scripts that, by design, take some time to execute because it waits for other things to be completed in order to go on. Always, remember that this limitation is for a reason and increasing it may degrade the performance.
3. Conclusion
Now we are at the conclusion of this little article. I hope you will have learn some new stuff and I hope that it triggers new ideas on your side. Do not hesitate to share ideas of cool parameters that can be modified to improve QRadar use or to test interesting things.
Thank you for reading this article, I really hope it’s been useful! Do not hesitate commenting via the forms just below.