IBM QRadar

Events from Azure activity logs through Event Hub are in encrypted format

  • 1.  Events from Azure activity logs through Event Hub are in encrypted format

    Posted Fri August 23, 2024 02:32 AM

    Hi Team,

    Does anyone know why some alerts received in QRadar are obfuscated or look like they are in an encrypted format (Example: alertid=*****************************) from Azure activity logs via Event Hub?

    Are there any configuration issues? Or is it encrypted by default?

    Is there any documentation for the issue?

    Log source type - Microsoft Azure Platform

    Protocol used: Microsoft Azure Event Hubs

    Thanks



  • 2.  RE: Events from Azure activity logs through Event Hub are in encrypted format

    Posted Tue September 24, 2024 12:46 PM

    Hi,

    I just hate valid questions being unanswered for such a long time :-)

    First of all, MS Event Hub is a bit tricky and very much depends on your OS type being tracked by the Azure activity log. However, I have never seen events encrypted as shown in your log example. So I would just make sure that obfuscation isn't used in your environment and that you have all the access rights you need. Trivial alerts like a device powering up and down should definitely show up unencrypted.



    ------------------------------
    [Karl] [Jaeger] [#ibmchampion]
    [QRadar Specialist]
    [cnag]
    [Siegen] [Germany]
    ------------------------------