IBM QRadar SOAR

  • 1.  User Password and Auditing

    Posted Tue December 10, 2019 08:42 AM

    Hi there, 

    Is there a way to force a password reset in Resilient every x number of days if we are not using LDAP? 

    Additionally, if we wanted to audit who is accessing Resilient and from what IP/MAC Address how would we be able to monitor that?  

    Thanks, 

    Adina



    ------------------------------
    Adina Bodkins
    ------------------------------


  • 2.  RE: User Password and Auditing

    Posted Tue December 10, 2019 04:21 PM
    Hello Adina,

    As for "audit who is accessing Resilient and from what IP/MAC Address", you can find this information in the log file. Please check the client_access.log file in the log folder.

    I am still searching for an answer to your first question.

    Thanks,

    ------------------------------
    Yongjian Feng
    ------------------------------



  • 3.  RE: User Password and Auditing

    Posted Wed December 11, 2019 09:32 AM
    Specifically the following type of message is logged to the client.log:


    14:29:52.637 [http-nio-443-exec-6] INFO audit.session - msg_id=1;user_email=blurie@resilientsystems.com;ip_address=9.108.161.72;user_name=Ben Lurie;user_id=27;msg=User login successful.

    Messages for failed logins are also logged in this way. This is an auditing feature of Resilient and can be integrated to log to syslog or other log collection systems. There should be documentation available for this feature.

    ------------------------------
    Ben Lurie
    ------------------------------
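
Added example, not part of the thread and not IBM's code: a small parser for the `audit.session` line format quoted in the last post, reporting which source IPs each account logged in from. Only the first sample line comes from the thread; the other lines, the failed-login message text and the `web.request` logger name are constructed assumptions.

```python
import re
from collections import defaultdict

# Layout from the sample line in the thread:
# time [thread] LEVEL logger - key=value;key=value;...;msg=free text
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3}) \[[^\]]+\] [A-Z]+ +"
    r"(?P<logger>\S+) - (?P<body>.*)$"
)
SUCCESS_MSG = "User login successful."  # text as shown in the thread

def parse_audit_line(line):
    """Return the fields of an audit.session line as a dict, else None."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("logger") != "audit.session":
        return None
    # msg is the last field and is free text: cut it off before splitting on ';'
    head, sep, msg = m.group("body").partition(";msg=")
    if not sep:
        return None
    event = {"time": m.group("time"), "msg": msg}
    for pair in head.split(";"):
        key, eq, value = pair.partition("=")
        if eq:
            event[key] = value
    return event

def summarize(lines):
    """Return ({user_email: {source IPs of successful logins}}, other events)."""
    logins, other = defaultdict(set), []
    for event in filter(None, map(parse_audit_line, lines)):
        if event["msg"] == SUCCESS_MSG:
            logins[event.get("user_email", "?")].add(event.get("ip_address", "?"))
        else:
            other.append(event)  # anything that is not a successful login
    return dict(logins), other

SAMPLE = [
    # First line is quoted from the thread; the remaining lines are constructed.
    "14:29:52.637 [http-nio-443-exec-6] INFO audit.session - msg_id=1;user_email=blurie@resilientsystems.com;ip_address=9.108.161.72;user_name=Ben Lurie;user_id=27;msg=User login successful.",
    "14:31:10.002 [http-nio-443-exec-2] INFO web.request - GET /rest/session",
    "15:02:44.118 [http-nio-443-exec-3] INFO audit.session - msg_id=1;user_email=blurie@resilientsystems.com;ip_address=192.0.2.10;user_name=Ben Lurie;user_id=27;msg=User login successful.",
    "15:05:09.930 [http-nio-443-exec-4] INFO audit.session - msg_id=1;user_email=unknown@example.com;ip_address=198.51.100.7;msg=User login failed.",
]

if __name__ == "__main__":
    logins, other = summarize(SAMPLE)
    for user, ips in sorted(logins.items()):
        print(user, sorted(ips))
    for event in other:
        print("review:", event["time"], event.get("ip_address"), event["msg"])
```

The sample line carries an `ip_address` field but no MAC address, so the report is keyed on IP only.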