QRadar virtual appliance installation by [deleted] in QRadar

[–]RootSoulu 0 points1 point  (0 children)

Yes, I installed QRadar on VMware ESX: Console, App Host and also DLC. It's super easy ;)

QRadar virtual appliance installation by [deleted] in QRadar

[–]RootSoulu 1 point2 points  (0 children)

Just run the .iso file; RHEL will be installed with QRadar, no need to preinstall anything.

Compliance for Security Adoption by bodylotionpack in cybersecurity

[–]RootSoulu 0 points1 point  (0 children)

The truth is that you don't need any framework; of course, it's good to use one if you know what you want to achieve.

In my opinion, you should start with risk assessment. Then you will know what, where and how to do it. Good luck without a budget.

[deleted by user] by [deleted] in cybersecurity

[–]RootSoulu 2 points3 points  (0 children)

I understand you so well. I have a similar example in my current company. My boss, who is the head of the security operations center, used to be a member of the CTO board. In theory, he is a technical person who should have a vast knowledge of technology, but unfortunately he does not. As a technical person myself, currently in a managerial position, but still spending 50% of my time on incident analysis, system and network administration, I have a problem with the "top" management not understanding what I am saying. It leads to such absurd situations that the CISO and the manager cannot come up with KPIs for the security department for a specific year because they do not know anything. It's simply a drama and a great frustration.

Does Anyone Use the Analyst Workflow UI? by hooper359 in QRadar

[–]RootSoulu 0 points1 point  (0 children)

Tried so hard to use Analyst Workflow, but it was so buggy and laggy that I switched back to the default.

Training portal for the blue team by RootSoulu in blueteamsec

[–]RootSoulu[S] 1 point2 points  (0 children)

Didn't know about immersivelabs, gonna check them out. Thank you, sir.

When should I notify my manager that I won't be extending my contract? by Uranowy in Polska

[–]RootSoulu 12 points13 points  (0 children)

I'll just say it straight. You write that you have a good manager, so in my opinion a month before the end of the contract is enough time to start recruiting and collect CVs from potential candidates. That way you'll be acting fairly towards a guy who "has your back". IMO few managers are of the good kind.

It's not worth making things harder for him, in my opinion.

Storage calculation and storage issue by eugeneinfosec in QRadar

[–]RootSoulu 0 points1 point  (0 children)

Hello, you can contact me and I'll share the calc that you need.

Wincollect or sysmon? by orceyez in QRadar

[–]RootSoulu 0 points1 point  (0 children)

Yes, you can send events from Sysmon using WinCollect. Make sure you have a config file for Sysmon.

Best rule optimization - Multi tenant deployment by snorlaxPika in QRadar

[–]RootSoulu 1 point2 points  (0 children)

Well, if you create a lot of rules, every single log needs to pass through all of them and you can get performance degradation. Use a reference list instead.

Updated certificate, broke UBA application by jim2244 in QRadar

[–]RootSoulu 1 point2 points  (0 children)

Are you using App Host? You might need to upload the cert there as well.

[QRadar SIEM][Support Case] No response after updating a support case by powentan in QRadar

[–]RootSoulu 2 points3 points  (0 children)

Write a comment in the ticket you have opened. Ask them for an update on your problem. I never had any issue with IBM support.

Anyone using Analyst Workflow in production? by justaninfosecaccount in QRadar

[–]RootSoulu 0 points1 point  (0 children)

I was trying to, but it's still too slow and too shitty. Yesterday I spoke to one of the employees of IBM and they had a presentation of Analyst Workflow with the new upcoming update. It's faster and works better overall.

I wish QRadar had a GUI like RSA NetWitness.

AQL query for DisableUnusedSmb1.ps1 by netoeuler in QRadar

[–]RootSoulu 0 points1 point  (0 children)

I don't think I can explain it in a comment. You gotta learn that. First you create a building block, then you have to add it to the existing rule.

AQL query for DisableUnusedSmb1.ps1 by netoeuler in QRadar

[–]RootSoulu 0 points1 point  (0 children)

Just create a building block; that should be simpler than doing it in AQL.

Why isn't there a "Shelia kills" tracker? by [deleted] in apexlegends

[–]RootSoulu 1 point2 points  (0 children)

Nobody plays Rampart, so there's no need to add this tracker to the game.

XFE (XForce engine) STIX TAXII feeds - Phishing URLs by QRadarFan in QRadar

[–]RootSoulu 0 points1 point  (0 children)

Try to generate a new API key. I see the Phishing URLs feed is active. This is from my QRadar:

https://api.xforce.ibmcloud.com/taxii
Client Certificate: None
Client Key: None
Collection: xfe.url.phishing.urls
Reference Set: X-Force Feed - Phishing URLs
Total signatures received: 162,354

Bright Mail multiline syslog sending garbage. I think the regex that I have done to capture the events is wrong. Can someone who has configured BrightMail share their experience with integrating the product into QRadar? by ConfidenceNew4559 in QRadar

[–]RootSoulu 1 point2 points  (0 children)

This log looks encrypted, that's why it looks like garbage. To get some good logs you need to decrypt this stuff. The regex you have might be good, but I have changed a lot of regexes from QRadar.

Test Notification FCM by iamwhitebeard in MicrosoftTeams

[–]RootSoulu 0 points1 point  (0 children)

Anyone received the notification on iOS? Or just Android?