IBM Security QRadar


What’s new in Log Source Management App v5.0.0

By Sophia Sampath posted Fri August 16, 2019 08:43 PM

  


- In QRadar V7.3.2 Fix Pack 3 or later, test your log source configuration to ensure that the parameters are correct.

- The CSV file of downloaded log sources includes a Status Messages column. You can view the status of the log source, any errors or warnings, and whether the log source is enabled or disabled.

 

Log Source Testing

 

You can now test your log source configuration to ensure that the settings are correct. The test runs from the host that is specified by the Target Event Collector setting and can collect sample event data from the target system.

Note: Please ensure that the log source is disabled prior to running the test for this log source.

 

Configure Event Collection Settings

 

You can edit the event collection settings to configure the number of events you want to collect and enable Debug Messages to provide additional context for any error messages you may encounter.

 

 

Start Log Source Testing

 

Once you’ve configured the event collection settings, you can run the test to confirm a successful connection to the integration – in this example, Microsoft Office 365.

 

In the screenshot below, you can observe a series of successful test cases that cover a number of connections and the credentials for this integration. If the test is successful, it outputs a list of events that are generated upon connection to the integration.

 

In addition, you can expand each test case to view detailed connection responses as shown in the screenshot below.

 

Quickly Debug Log Source Errors

 

You can now easily troubleshoot network connectivity issues between the log source and the third-party integration. In the example shown below, I have saved and deployed log source changes. The failed test quickly highlights an issue with invalid credentials, whereas before I would have had to resort to other methods to determine the problem.

 

 

Log Source Testing Settings

Downloading Log Source Test Results

You can now download the results for any tests performed on this log source, as shown in the screenshot below.

 

If you enabled Debug Messages, the test results will include debug messaging for each test case.

 

  

Protocols Available for Log Source Testing

 

The initial release introduces support for the Log File Protocol and the Microsoft Office 365 Protocol. Additional protocols will be supported in future releases.

To enable testing capabilities, download the latest version of the supported protocols.

  

View detailed Status Messages of your Log Sources

 

Version 5.0.0 now includes a Status Messages column to provide further detail as to why a log source is in an Error or Warning state.

 
Summary

To summarize, I highly recommend downloading v5.0.0 of the Log Source Management App, available on the IBM Security App Exchange, to experience this new testing capability for the Log File Protocol and the Microsoft Office 365 Protocol.
