IBM Security QRadar

hello everyone,

I want to create a report in which i want to shows that inbound/outbound traffic to/from my network generated  for a specific country and this report need to be generated every 24 hours.

i tried to generate the report on Qradar, First i add filter for that geographical then added some other filter such as firewall permit, tcp connection etc.Then i save search result, Ofcourcse in the result there were so many events.
I generated report using this saved search but report not showing all content or sometime generated as blank page.  Can anyone provide suggestion.

------------------------------
Mukesh Kumar
------------------------------

Have you tried generating the report by the hour? If so does data populate?

------------------------------
Richard Gingras
------------------------------

Original Message:
Sent: Mon April 08, 2019 12:47 PM
From: Mukesh Kumar
Subject: Qradar report

hello everyone,

I want to create a report in which i want to shows that inbound/outbound traffic to/from my network generated  for a specific country and this report need to be generated every 24 hours.

i tried to generate the report on Qradar, First i add filter for that geographical then added some other filter such as firewall permit, tcp connection etc.Then i save search result, Ofcourcse in the result there were so many events.
I generated report using this saved search but report not showing all content or sometime generated as blank page.  Can anyone provide suggestion.

------------------------------
Mukesh Kumar
------------------------------

Can u try to add a filter like  state geographic location = SomeLoc and give a try..

------------------------------
Rama Subbaiah Dhara
------------------------------

Original Message:
Sent: Mon April 08, 2019 12:47 PM
From: Mukesh Kumar
Subject: Qradar report

hello everyone,

I want to create a report in which i want to shows that inbound/outbound traffic to/from my network generated  for a specific country and this report need to be generated every 24 hours.

i tried to generate the report on Qradar, First i add filter for that geographical then added some other filter such as firewall permit, tcp connection etc.Then i save search result, Ofcourcse in the result there were so many events.
I generated report using this saved search but report not showing all content or sometime generated as blank page.  Can anyone provide suggestion.

------------------------------
Mukesh Kumar
------------------------------

Dear members

My query get solved by adding following filters such as destination geographic country + logsource + byte received is greater than 1.
Displayed this search via destination port.
Then is showed this saved search in my report.

------------------------------
Mukesh Kumar
------------------------------

Original Message:
Sent: Tue April 09, 2019 11:40 AM
From: Rama Subbaiah Dhara
Subject: Qradar report

Can u try to add a filter like  state geographic location = SomeLoc and give a try..

------------------------------
Rama Subbaiah Dhara

Original Message:
Sent: Mon April 08, 2019 12:47 PM
From: Mukesh Kumar
Subject: Qradar report

hello everyone,

I want to create a report in which i want to shows that inbound/outbound traffic to/from my network generated  for a specific country and this report need to be generated every 24 hours.

i tried to generate the report on Qradar, First i add filter for that geographical then added some other filter such as firewall permit, tcp connection etc.Then i save search result, Ofcourcse in the result there were so many events.
I generated report using this saved search but report not showing all content or sometime generated as blank page.  Can anyone provide suggestion.

------------------------------
Mukesh Kumar
------------------------------

how do you even filter a particular location? i tried inserting it with AQL but i don't get any results on any particular country.. i only get results when i input geographiclocation = 'other'.. can you please help me?

------------------------------
Slavcho Andreevski
------------------------------

Original Message:
Sent: Tue April 09, 2019 11:40 AM
From: Rama Subbaiah Dhara
Subject: Qradar report

Can u try to add a filter like  state geographic location = SomeLoc and give a try..

------------------------------
Rama Subbaiah Dhara

Original Message:
Sent: Mon April 08, 2019 12:47 PM
From: Mukesh Kumar
Subject: Qradar report

hello everyone,

I want to create a report in which i want to shows that inbound/outbound traffic to/from my network generated  for a specific country and this report need to be generated every 24 hours.

i tried to generate the report on Qradar, First i add filter for that geographical then added some other filter such as firewall permit, tcp connection etc.Then i save search result, Ofcourcse in the result there were so many events.
I generated report using this saved search but report not showing all content or sometime generated as blank page.  Can anyone provide suggestion.

------------------------------
Mukesh Kumar
------------------------------