The IBM QRadar is a security information and event management or SIEM product that is designed for enterprises. The tool collects data from the organization and the network devices. It also connects to the operating systems, host assets, applications, vulnerabilities, user activities, and behaviors.
Questions tagged [qradar]
31 questions
2
votes
1 answer
Sending security access logs
The security team has requested that the access logs of our Bomgar appliance be sent to their QRadar (enterprise security information and event management (SIEM) product) server over port 514.
Will the events be properly sent when filling out the URL field…

fujioshi
2
votes
1 answer
How to log .NET to QRADAR
I am writing a .NET application that needs to send LOG information to an IBM Logging System.
Does anyone have any experience with this? Thanks.
The IBM Logging System is called QRADAR.

user3593830
1
vote
0 answers
Unable to verify the request using self signed certificate
I am trying to send a request to a REST API using an SSL certificate.
Following is the code snippet I have written:
import requests
import os
url = "https://ip_address/api"
headers = {
'Authorization': 'Bearer bearer_token'
}
path =…

Python_coding
1
vote
1 answer
Supported events from Azure to QRadar
Are the resource logs (which are part of platform logs) from Azure supported in QRadar, or do we need to build a custom parser for each of the resource types in the subscription?
I read the DSM documentation of QRadar, and it mentions platform…

Born-Writing4814
1
vote
0 answers
Send different logs with rsyslog
I'm currently using rsyslog to send logs from a Linux server to QRadar (IBM's SIEM).
However, the server sends a lot of logs and I would like to filter them directly in the rsyslog.conf file. But if I write something other than
*.* @MyServerIp
no logs…

Gabriel DRAY
1
vote
1 answer
Syslog-ng service error on restart - syslog forward to Qradar
Hopefully my question is in the right place.
I am currently trying to forward syslogs from an Ubuntu machine to a Qradar machine.
They're on the same network and I already managed to get Rsyslog to work, but it isn't supported by Qradar. Therefore,…

Tommaso Pellegrini
1
vote
1 answer
Range Header Must Use Appropriate Property or Method
I've searched high and low and asked on the product forums, but cannot seem to figure this out.
Using PowerShell 5 I'm attempting to limit my results by using a range header in the way the API documentation indicates. However, I receive the…

MrMr
1
vote
0 answers
IBM Qradar - Hardcoded devicetypeid doesn't work with other application with same devicetypeid?
Assume my log source extension has 4001 as hard-coded value as devicetypeId. If any app installed on the same machine is already using 4001, my extension automatically gets a different ID like 4002 while installing. This creates a problem for custom…

Tarang Dave
0
votes
1 answer
If a log such as syslog is sent to Qradar, can the log be forwarded to a Python script?
I'm trying to make an IBM Qradar app framework.
I want to know if it is possible to pass the event log as a Python script variable.
The way the app works is as follows.
Firewall logs are sent to Qradar using syslog.
When an event log occurs, the app…

kerberos94
0
votes
0 answers
Sending messages to QRadar using Python - any solutions?
Send message to Qradar with Python
Hi everyone! Does anyone know how to use Python to send a message to QRadar? I need to write a function that takes JSON as an argument and sends it to the user's Qradar. The Qradar REST API doesn't have an endpoint to…
0
votes
0 answers
NGINX is not able to show some pages from 3rd party applications
I am using NGINX (OpenResty) to host a 3rd party application (IBM QRadar) with a server block and proxy_pass to the running application in Tomcat. Everything is working fine but some pages are not loading.
Those pages are add-on plugins in the QRadar…
0
votes
0 answers
QRadar AQL search for a timechart: EPS on time range, broken down daily
I have a report to build on QRadar.
The focus is to get the EPS grouped by log source.
This goal has been achieved, simply googling and building a query like this:
SELECT LOGSOURCENAME(logsourceid) AS "Log Source", SUM(eventcount) AS "Number of…

Luca Sepe
0
votes
1 answer
How to set rule in qradar if something does not occur in event payload for some time?
I would like to set a rule for when Qradar does not find a string in the event payload for one week. How can I do it?
I am looking at the list of conditions, but I did not find any suitable condition. I have this:
when the event(s) have not been detected by one…

rumcajs
0
votes
1 answer
IBM Qradar CE V7.3.3 Integration with nextcloud
I have been working on my research about how effective IBM Qradar SIEM tools are at protecting a private cloud against APT attacks. I use Nextcloud as my private test cloud, which has been installed on an Ubuntu server. I want to ask about how to integrate…

Poh
0
votes
0 answers
Is there a way to hit a url that exposes API with GET request and stream that data to kinesis data stream?
I have been working to get data from an API that returns data, and I have to stream that data to a Kinesis data stream for further processing.
I have an IAM account with specific permissions. Also, do let me know what privileges I should ask my AWS…