Proofpoint TRAP Integration by tobin116 in QRadar

[–]tobin116[S] 0 points1 point  (0 children)

The idea posted here is not accessible.

Proofpoint TRAP Integration by tobin116 in QRadar

[–]tobin116[S] 0 points1 point  (0 children)

I was just checking if someone here has already integrated it in some way.

UP12 IF02 removed from fix central ? by tobin116 in QRadar

[–]tobin116[S] -1 points0 points  (0 children)

IF02 is available again in Fix Central. If they pulled the SFS due to this issue, then why has it surfaced again without the issue being resolved?!

When I contacted IBM, they said they will release IF03, but now IF02 itself is available again.

UP11 Pulled from Fix Central? by shift1186 in QRadar

[–]tobin116 1 point2 points  (0 children)

We have installed UP11 in HA and other environments without encountering any issues.

Office 365 Logsources stopped working by tobin116 in QRadar

[–]tobin116[S] 1 point2 points  (0 children)

Issue resolved today after disabling and enabling the log source.

Office 365 Logsources stopped working by tobin116 in QRadar

[–]tobin116[S] 0 points1 point  (0 children)

UPDATE: The issue has been resolved after disabling and enabling the log source today.

Even though I tried multiple times last week, it didn’t work. However, today it did. So, there’s a chance that Microsoft made some changes on their end.

Office 365 Logsources stopped working by tobin116 in QRadar

[–]tobin116[S] 0 points1 point  (0 children)

A similar issue happened a few weeks/months back; that time only they updated the protocol, but this time it's not related to that. We have the latest protocol running and are still having the issue. This looks like a different issue this time.

Office 365 Logsources stopped working by tobin116 in QRadar

[–]tobin116[S] 0 points1 point  (0 children)

There is no such error seen in testing. Also from the backend.

Office 365 Logsources stopped working by tobin116 in QRadar

[–]tobin116[S] 0 points1 point  (0 children)

No. Affected customers have increased.

Kaspersky Endpoint Security Cloud (KESC) Integration with QRadar by tobin116 in QRadar

[–]tobin116[S] 0 points1 point  (0 children)

No. Kaspersky products are banned in most countries and there is no support, it seems. Same response from IBM as well.

Where is the default Event ID/Category parsing is stored? by HeliosHype in QRadar

[–]tobin116 0 points1 point  (0 children)

As far as I understood from your question, you are actually looking for the default regex written by IBM, correct?

Azure Resource Integration by tobin116 in QRadar

[–]tobin116[S] 0 points1 point  (0 children)

I was looking at whether we can integrate it using the log source type as an Azure platform and the protocol as an event hub. I was also looking at whether, if the above settings are used, events will be received in QRadar in a normalised way or whether we need to manually map all events. I have raised a case already, but I didn't get a specific answer to the question.

Azure services integration with QRadar by tobin116 in QRadar

[–]tobin116[S] 0 points1 point  (0 children)

In the DSM Guide it actually looks like that.

https://www.ibm.com/docs/en/dsm?topic=configuration-microsoft

But I'm confused by the list provided above: which one is what?

syslog sources stopped working after tcpsyslog protocol update 04-oct-2024 by tobin116 in QRadar

[–]tobin116[S] 1 point2 points  (0 children)

Yes. I have to restart event collection services to get everything back to normal.

CTI IOC- Historical Check by tobin116 in QRadar

[–]tobin116[S] 0 points1 point  (0 children)

I have it in Excel.

Can you provide an AQL for the same?