IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

  • 1.  Log IBM Qradar

    Posted Fri January 05, 2024 11:44 AM

    Hello everyone, currently I have WinCollect installed on Windows 10, and when I open an application on Win10 I want to receive a detailed log of which application I opened. I don't know whether that can be done or not.



    ------------------------------
    Tran Huy
    ------------------------------


  • 2.  RE: Log IBM Qradar

    Posted Mon January 08, 2024 08:47 AM

    Within Windows Event Viewer you should be able to find the specific log path of whichever application logs you are looking to collect. You can then gather the XPath query for that location by right-clicking on the location, selecting Filter, and then copying the full XPath query.

    Once you've got that query, you can then go into the agent and add a new local source using the standard Windows Security Event source, selecting the custom XPath channel and pasting your query in there.

    Here is a helpful article: https://www.ibm.com/support/pages/qradar-wincollect-how-use-microsoft-event-viewer-create-xpath-query 



    ------------------------------
    Doug Lonneman
    ------------------------------
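
An added example, not part of the replies above or of IBM's article: a way to test an XPath query on the Windows 10 host before pasting it into the WinCollect XPath field. It assumes process-creation auditing is enabled so that the Security log records Event ID 4688 for each program start; the query and the output column names are constructed for illustration.

```powershell
# Added example (constructed query, not from the thread).
# Assumption: process-creation auditing is on, for instance via
#   auditpol /set /subcategory:"Process Creation" /success:enable
# so the Security log gets Event ID 4688 whenever a program starts.
# Run from an elevated prompt; the Security log is not readable otherwise.

# Structured XML form, as shown on the XML tab of Event Viewer's filter dialog.
$query = @'
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">*[System[(EventID=4688)]]</Select>
  </Query>
</QueryList>
'@

# Get-WinEvent raises an error when nothing matches, so treat that as
# "query is valid but auditing is probably not enabled yet".
try {
    $events = Get-WinEvent -FilterXml ([xml]$query) -MaxEvents 5 -ErrorAction Stop
} catch {
    Write-Warning "No matching events or query failed: $($_.Exception.Message)"
    return
}

# Flatten each event's EventData into name/value pairs and show the fields
# that answer "which application was opened, by whom, and from what parent".
foreach ($e in $events) {
    $doc  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $doc.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    [pscustomobject]@{
        Time        = $e.TimeCreated
        User        = $data['SubjectUserName']
        Process     = $data['NewProcessName']
        Parent      = $data['ParentProcessName']
        # Empty unless the "Include command line in process creation
        # events" policy is also enabled.
        CommandLine = $data['CommandLine']
    }
}
```

If the script lists recent program starts, the same query text is what goes into the custom XPath field of the WinCollect log source.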