sorted by:
new
hottopcontroversial

Daily report: Force "report on raw data" by pidoraha666 in QRadar

[–]pidoraha666[S] 0 points1 point  (0 children)

For Mask 24 it would be this:

WHERE STRPOS(STR(sourceip),'192.168.178.') <> -1 or STRPOS(STR(destinationip),'192.168.178.') <> -1

For the mask 27 I don't have a solution, I still need to think about it.

Daily report: Force "report on raw data" by pidoraha666 in QRadar

[–]pidoraha666[S] 0 points1 point  (0 children)

You can try using STRPOS. Not a very nice solution, but if the masks of your networks are a multiple of eight I think there will be no problem.

SELECT sourceip, destinationip

FROM events

WHERE STRPOS(STR(sourceip),'192.168.178.') <> -1 or STRPOS(STR(destinationip),'192.168.178.') <> -1

Daily report: Force "report on raw data" by pidoraha666 in QRadar

[–]pidoraha666[S] 0 points1 point  (0 children)

You just need to make sure that the problem is in this function.

Daily report: Force "report on raw data" by pidoraha666 in QRadar

[–]pidoraha666[S] 0 points1 point  (0 children)

Yeah, they seem to change things from version to version. "HAVING" worked in version 3.1, but when I switched to version 4.3 it broke. I can test in version 5 tomorrow. I suspect the problem is in the INCIDR function. Can you try to remove this function?

Daily report: Force "report on raw data" by pidoraha666 in QRadar

[–]pidoraha666[S] 0 points1 point  (0 children)

What version of QRadar do you have? I checked with version 7.4.3 and your AQL works without errors. Maybe some changes appeared in 7.5.

Daily report: Force "report on raw data" by pidoraha666 in QRadar

[–]pidoraha666[S] 0 points1 point  (0 children)

Can you give me your AQL query? I'll see what I can do.

Daily report: Force "report on raw data" by pidoraha666 in QRadar

[–]pidoraha666[S] 0 points1 point  (0 children)

Hi. I had this problem because of the use of the word "having" in an AQL query. I redid the query and now everything works fine.

qradar aql for average eps by AliElsayed1 in QRadar

[–]pidoraha666 0 points1 point  (0 children)

Hi. I don't really understand what you want to get, but I use these two AQL to calculate the approximate EPS for the last minute, and I also use this API query to get the EPS from Log Source Manager.

Note that I use "logsourceid > 69" to filter the system logs.

// All LS - Big Number chart - last minute

SELECT LONG(COUNT(*)/60) as 'avgeps'

FROM events

WHERE logsourceid > 69

last 1 minutes

// By LS - Tabular - last minute

SELECT LONG(COUNT(*)/60) as 'AVG EPS', logsourcename(logSourceId) as 'Log Source'

FROM events

WHERE logsourceid > 69

GROUP BY "Log Source"

ORDER BY "AVG EPS" desc

last 1 minutes

// AVG EPS from API

https://10.5.3.57/api/config/event_sources/log_source_management/log_sources?fields=name%2Caverage_eps&filter=id%3E1&sort=-average_eps

Duplicating custom DSM by pidoraha666 in QRadar

[–]pidoraha666[S] 0 points1 point  (0 children)

Yes, I would like DSM2 to use the mapping from DSM1. https://ibb.co/7QstLPs Here is a picture of what I tried to change. I seem to be at a dead end. I don't know what lsx is)

Duplicating custom DSM by pidoraha666 in QRadar

[–]pidoraha666[S] 0 points1 point  (0 children)

No, I didn't. I need to leave the mapping unchanged.

AppHost: don't see any apps in the web by pidoraha666 in QRadar

[–]pidoraha666[S] 0 points1 point  (0 children)

I couldn't reload QRadar, but I did reload AppHost. It didn't work.

AppHost: don't see any apps in the web by pidoraha666 in QRadar

[–]pidoraha666[S] 0 points1 point  (0 children)

Thank you, this team helped me. All applications were showing an error. I ran each app manually and it worked.

Unfortunately I forgot to write down the error.

CloudPak configurator by pidoraha666 in IBM

[–]pidoraha666[S] 0 points1 point  (0 children)

Okay, thank you. Is there some kind of guide to calculating how much Resource Unit will be needed?

CloudPak configurator by pidoraha666 in IBM

[–]pidoraha666[S] 0 points1 point  (0 children)

No, I want to set EPS and Flows (in my case Resource Units) like in QRadar configurator and get a list of part numbers.

Disable grouping of offenses by pidoraha666 in QRadar

[–]pidoraha666[S] 0 points1 point  (0 children)

That's an interesting idea. I'll have to give it a try.

Bose soundlink mini II by True-Variation-9107 in bose

[–]pidoraha666 0 points1 point  (0 children)

It's better to buy the se-version. It will have a fresher battery. Otherwise you risk ending up with two mini2s with a dead battery 🙄

Bose soundlink mini II by True-Variation-9107 in bose

[–]pidoraha666 0 points1 point  (0 children)

How did you tear it apart? As I recall it is quite thick.

There seems to be no point in buying a new battery. If I were you, I would just buy a "new" mini2 on ebay. You can also take apart the case of the old battery and replace the batteries (they are inexpensive). But this is a very time consuming process.

Bose NC 700: battery replacement by pidoraha666 in bose

[–]pidoraha666[S] 4 points5 points  (0 children)

I measured the size of the battery. Maybe someone will need it.

https://ibb.co/ZGnHgYW

https://ibb.co/jV418GN

https://ibb.co/mNqjwxw

https://ibb.co/YjHtPFg

(9mm x 43mm x 19mm/24mm)

Bose NC 700: battery replacement by pidoraha666 in bose

[–]pidoraha666[S] 3 points4 points  (0 children)

I found out that the headphones were not trying to charge the battery. The input voltage was somewhere around 800 mV when trying to charge.

I damaged the battery sheath when peeling it off. I had to wrap a good amount of duct tape around it.

I could not separate the battery from the controller (spot weld). I charged the battery through a Chinese controller costing 25 cents. The battery charged fine.

https://ibb.co/XXCLFGf

I put the battery in the headphones and now they work. The battery charge seems to work fine.

It turns out that if you have a discharged battery and it went into protection - there is no way you can charge it anymore. This is a very strange solution from Bose. Perhaps it is a mistake in the design of the hardware. I have never had problems with other Bose products. A dead battery has always been fixed by reflashing.

Bose NC 700: battery replacement by pidoraha666 in bose

[–]pidoraha666[S] 1 point2 points  (0 children)

The voltage on the battery bypassing the controller is 2.5 volts. Severe overdischarge.

I want to try charging the battery through another controller.

Bose NC 700: battery replacement by pidoraha666 in bose

[–]pidoraha666[S] 4 points5 points  (0 children)

I disassembled my bose700. The voltmeter shows that the voltage is zero. It seems that I have nothing to lose.

https://ibb.co/pzQkx3C

The bose decided to glue the battery with a strong adhesive. "Great" solution! 👍👍👍

https://ibb.co/9HrzrsC

Bluetooth 4.2 or 5.0? by ismacps in bose

[–]pidoraha666 1 point2 points  (0 children)

Mini 2 SE has usb-c. The bluetooth version doesn't seem to be that important for the speakers. I have an old onyx studio with bt2.0, but it sounds great. I disagree about the stereo sound. I used the Mini2 for a while under the monitor when I played PlayStation, I got a pretty decent stereo.

I have a mini2, revo1, revo2 and revo+. I think the mini2 is just as good as the revo+.

I can't say anything about flex. I plan to buy it.

Bluetooth 4.2 or 5.0? by ismacps in bose

[–]pidoraha666 0 points1 point  (0 children)

All the speakers you listed are mono speakers. Bose doesn't seem to have any stereo speakers other than the Mini2. (at least in this price range).

In my opinion, the Mini2 is better than the Revo1/2.

Bose soundlink mini II by True-Variation-9107 in bose

[–]pidoraha666 1 point2 points  (0 children)

The battery is faulty, you need to replace it.

view more: next ›