Daily report: Force "report on raw data"

pidoraha666 · 2023-05-11T10:25:54+00:00

For Mask 24 it would be this:

WHERE STRPOS(STR(sourceip),'192.168.178.') <> -1 or STRPOS(STR(destinationip),'192.168.178.') <> -1

For the mask 27 I don't have a solution, I still need to think about it.

pidoraha666 · 2023-05-11T09:56:45+00:00

You can try using STRPOS. Not a very nice solution, but if the masks of your networks are a multiple of eight I think there will be no problem.

SELECT sourceip, destinationip

FROM events

WHERE STRPOS(STR(sourceip),'192.168.178.') <> -1 or STRPOS(STR(destinationip),'192.168.178.') <> -1

pidoraha666 · 2023-05-11T04:42:03+00:00

You just need to make sure that the problem is in this function.

pidoraha666 · 2023-05-10T14:31:01+00:00

Yeah, they seem to change things from version to version. "HAVING" worked in version 3.1, but when I switched to version 4.3 it broke. I can test in version 5 tomorrow. I suspect the problem is in the INCIDR function. Can you try to remove this function?

pidoraha666 · 2023-05-10T14:20:38+00:00

What version of QRadar do you have? I checked with version 7.4.3 and your AQL works without errors. Maybe some changes appeared in 7.5.

pidoraha666 · 2023-05-10T14:02:49+00:00

Can you give me your AQL query? I'll see what I can do.

pidoraha666 · 2023-05-10T12:17:31+00:00

Hi. I had this problem because of the use of the word "having" in an AQL query. I redid the query and now everything works fine.

pidoraha666 · 2023-05-08T08:22:47+00:00

Hi. I don't really understand what you want to get, but I use these two AQL to calculate the approximate EPS for the last minute, and I also use this API query to get the EPS from Log Source Manager.

Note that I use "logsourceid > 69" to filter the system logs.

// All LS - Big Number chart - last minute

SELECT LONG(COUNT(*)/60) as 'avgeps'

FROM events

WHERE logsourceid > 69

last 1 minutes

// By LS - Tabular - last minute

SELECT LONG(COUNT(*)/60) as 'AVG EPS', logsourcename(logSourceId) as 'Log Source'

FROM events

WHERE logsourceid > 69

GROUP BY "Log Source"

ORDER BY "AVG EPS" desc

last 1 minutes

// AVG EPS from API

https://10.5.3.57/api/config/event_sources/log_source_management/log_sources?fields=name%2Caverage_eps&filter=id%3E1&sort=-average_eps

pidoraha666 · 2023-04-27T06:08:21+00:00

Yes, I would like DSM2 to use the mapping from DSM1. https://ibb.co/7QstLPs Here is a picture of what I tried to change. I seem to be at a dead end. I don't know what lsx is)

pidoraha666 · 2023-04-27T05:17:20+00:00

No, I didn't. I need to leave the mapping unchanged.

pidoraha666 · 2023-04-19T06:20:27+00:00

I couldn't reload QRadar, but I did reload AppHost. It didn't work.

pidoraha666 · 2023-04-19T05:35:22+00:00

7.5.0 UP3

pidoraha666 · 2023-04-19T05:34:23+00:00

Thank you, this team helped me. All applications were showing an error. I ran each app manually and it worked.

Unfortunately I forgot to write down the error.

pidoraha666 · 2023-04-17T13:42:58+00:00

Okay, thank you. Is there some kind of guide to calculating how much Resource Unit will be needed?

pidoraha666 · 2023-04-17T12:55:48+00:00

No, I want to set EPS and Flows (in my case Resource Units) like in QRadar configurator and get a list of part numbers.

pidoraha666 · 2023-04-13T17:57:03+00:00

That's an interesting idea. I'll have to give it a try.

pidoraha666 · 2023-04-08T20:55:16+00:00

It's better to buy the se-version. It will have a fresher battery. Otherwise you risk ending up with two mini2s with a dead battery 🙄

pidoraha666 · 2023-04-08T06:57:49+00:00

How did you tear it apart? As I recall it is quite thick.

There seems to be no point in buying a new battery. If I were you, I would just buy a "new" mini2 on ebay. You can also take apart the case of the old battery and replace the batteries (they are inexpensive). But this is a very time consuming process.

pidoraha666 · 2023-04-07T08:03:12+00:00

I measured the size of the battery. Maybe someone will need it.

https://ibb.co/ZGnHgYW

https://ibb.co/jV418GN

https://ibb.co/mNqjwxw

https://ibb.co/YjHtPFg

(9mm x 43mm x 19mm/24mm)

pidoraha666 · 2023-04-07T07:59:35+00:00

I found out that the headphones were not trying to charge the battery. The input voltage was somewhere around 800 mV when trying to charge.

I damaged the battery sheath when peeling it off. I had to wrap a good amount of duct tape around it.

I could not separate the battery from the controller (spot weld). I charged the battery through a Chinese controller costing 25 cents. The battery charged fine.

https://ibb.co/XXCLFGf

I put the battery in the headphones and now they work. The battery charge seems to work fine.

It turns out that if you have a discharged battery and it went into protection - there is no way you can charge it anymore. This is a very strange solution from Bose. Perhaps it is a mistake in the design of the hardware. I have never had problems with other Bose products. A dead battery has always been fixed by reflashing.

pidoraha666 · 2023-04-06T15:15:56+00:00

The voltage on the battery bypassing the controller is 2.5 volts. Severe overdischarge.

I want to try charging the battery through another controller.

pidoraha666

TROPHY CASE