Hi Guido
the right place to ask your question is https://community.ibm.com/community/user/security/communities/community-home/digestviewer?communitykey=f9ea5420-0984-4345-ba7a-d93b4e2d4864&tab=digestviewer
However I had the same problem you had. When searching for Qradar at tech exchange I ran into ILMT cause it contains a Qradar discussion as well which is found by the search engine insid. Better use bookmarks for getting to your favourite communities.
Nevertheless we discuss man QRadar CE issues in there. The topic of today is another one. There are many possible problems for rules not triggering offenses even so it worked some day. Without a sample or screenshot there is no RCA possible. Pls check all my CE discussion posts for a 101 regarding what might have gone wrong.
BTW the screenshot shows why searching for your topic may result in getting lost in user groups. I may post a blog entry or something like that to prevent people getting lost.
------------------------------
[Karl] [Jaeger] [Business Partner]
[QRadar Specialist]
[pro4bizz]
[Karlsruhe] [Germany]
[4972190981722]
------------------------------
Original Message:
Sent: Thu February 15, 2024 10:29 AM
From: Guido Lippolis
Subject: IBM QRadar
Hi guys. I am having some issues while using IBM QRadar SIEM, v.7.3, community edition. Even if rules are enabled, payloads sent through syslog don't trigger them. This has been working until some days ago, but it suddenly stopped working. Any ideas?
------------------------------
Guido Lippolis
------------------------------