IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Privilege Access Management Reporting

    Posted Tue August 25, 2020 05:30 PM

    Im sure you get this all the time from people in the audit/compliance community I have not received a report from Qradar that I can use to attest our controls ☹.. perhaps I am not looking in the right place.. can Qradar give me a report based on the variables below and the people involved?

    • Administrator Account created
    • Administrator Password changed
    • Administrator or User account concurrent login from different IP addresses
    • Account privilege elevation to Admin

    This is a RAW Privilege Access Malmanagement report request.. we are plugged into LDAP so we should be able to show who shot John ☹



    #QRadar
    #Support
    #SupportMigration


  • 2.  RE: Privilege Access Management Reporting

    Posted Thu August 27, 2020 09:54 AM

    Hello.

    Are you referring to Active directory events? if yes then you will need to create custom reports for the above. First you will need to create a search criteria based on either QID or other parameters like Microsoft event id, then call the search into a report then automate it.

    T&R



    #QRadar
    #Support
    #SupportMigration


  • 3.  RE: Privilege Access Management Reporting

    Posted 5 days ago

    Hello,

    Why are you trying to get these reports from QRadar? The PAM  system should have ready-made reports for what you mentioned. Even if it doesn't, it seems like they could be created as custom reports.

    Thanks.



    ------------------------------
    mertcan kasap
    ------------------------------

    Original Message


Related Content