IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

  • 1.  Sysmon Event Forward

    Posted Tue June 01, 2021 04:48 PM

    Hello,

    We're forwarding events from a Windows machine to QRadar through WinCollect; the polling interval is 3000 ms, and it's taking almost 10 min for events to show up in the QRadar console. Is there a way to improve this time?

    Regards



    #QRadar
    #Support
    #SupportMigration


  • 2.  RE: Sysmon Event Forward

    Posted Mon June 07, 2021 08:04 PM

    You can change the time of the WinCollect poll from 3000 ms down if necessary. The protocol section, I think, also has a pull-down for the type of server: light, heavy, etc.

    If you use Snare agents, NXLog, or syslog-ng to send it, it will be instantaneous.



    #QRadar
    #Support
    #SupportMigration