IBM QRadar

  • 1.  CISCO ISE Logs on QRadar ending with comma ?

    Posted Wed April 29, 2020 10:10 AM

    Hello all,

    I hope all of you are doing fine.

    We have several Cisco ISE devices sending logs to QR, but 95% of all logs, no matter their size, end with a comma.

    Payloads with 500 characters or with 4000 characters both end with a comma.

    I also see many payloads that are exactly 1024 characters, and it looks very suspicious to me that the payloads are not full.

    Do you have any ideas? Could you help me with any special settings in ISE or on QRadar? Or do you also have payloads ending with a comma?



    ------------------------------
    John Fourlanos
    ------------------------------


  • 2.  RE: CISCO ISE Logs on QRadar ending with comma ?

    Posted Mon May 04, 2020 02:00 PM
    John
    I have just noticed this also; I recently upgraded to 7.3.3 p3. My UDP payload size is set to 1024

    ------------------------------
    Bruce Hutchinson
    ------------------------------



  • 3.  RE: CISCO ISE Logs on QRadar ending with comma ?

    Posted Wed May 06, 2020 11:41 AM
    Hey,
    In QRadar there is an option to increase the payload length. Default TCP and UDP are set at 4096 and 1024.

    admin >> System settings (Switch to advanced) >> Set the UDP or TCP payload length >> save >> deploy changes if required.

    Thanks.

    ------------------------------
    Jabez Daniel
    ------------------------------
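
One way to separate the two symptoms raised in this thread, payloads that sit exactly at the configured maximum length versus payloads that end with a comma at any size, written as an added example that does not come from any poster or from IBM. The function names and sample payloads are constructed, and it assumes the limit is counted in bytes of the stored payload.

```python
from collections import Counter

# Default maximum payload lengths quoted in the thread.
# Assumption: replace with the values set in your own System Settings.
LIMITS = {"udp": 1024, "tcp": 4096}


def classify(payload: str, transport: str = "udp") -> str:
    """Label one stored payload.

    at_limit       : length reaches the configured maximum, so the event
                     was probably cut off at that length
    trailing_comma : ends with a comma but is shorter than the maximum,
                     so the length limit alone does not explain it
    ok             : neither symptom
    """
    size = len(payload.encode("utf-8"))  # assumption: limit is in bytes
    if size >= LIMITS[transport]:
        return "at_limit"
    if payload.rstrip().endswith(","):
        return "trailing_comma"
    return "ok"


def summarize(payloads, transport: str = "udp") -> Counter:
    """Count payloads per label for one transport."""
    return Counter(classify(p, transport) for p in payloads)


def make_payload(length: int, comma: bool) -> str:
    """Build a constructed attribute list of exactly `length` ASCII characters."""
    body = "ise-sample: " + "Attr=value, " * (length // 12 + 1)
    return body[: length - 1] + ("," if comma else "x")


# Constructed samples: two short events, two sitting exactly at 1024.
SAMPLES = [
    make_payload(500, comma=True),
    make_payload(300, comma=False),
    make_payload(1024, comma=True),
    make_payload(1024, comma=False),
]

if __name__ == "__main__":
    for label, count in summarize(SAMPLES).items():
        print(f"{label:15} {count}")
```

If most flagged events are `at_limit`, the payload length setting is the likely cause; a large `trailing_comma` count below the limit points at how the source formats or splits its messages.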