IBM Security QRadar

Hi Everyone,

How to get average overall EPS consumed for the managed units combined as single report.?
For example: we have three managed units(EP's) and getting 500, 600, 800 EPS respectively.
Can we get average EPS for above criteria in QRadar Console?

Thanks,
Panendar Rao.C

------------------------------
PHANENDRA RAO CHAVANA
------------------------------

HI All,

Any replies for my below request?

Thanks,
Panendar Rao.C

------------------------------
PHANENDRA RAO CHAVANA
------------------------------

Original Message:
Sent: Mon April 12, 2021 02:04 AM
From: PHANENDRA RAO CHAVANA
Subject: Average EPS for all Managed units

Hi Everyone,

How to get average overall EPS consumed for the managed units combined as single report.?
For example: we have three managed units(EP's) and getting 500, 600, 800 EPS respectively.
Can we get average EPS for above criteria in QRadar Console?

Thanks,
Panendar Rao.C

------------------------------
PHANENDRA RAO CHAVANA
------------------------------

Hi Panendar,

what about the standard report "system summary"? There is the overall EPS Info included. Otherwise maybe you can modify the search used in this report for your own customization...

Maybe this hint is useful.

Regards,
Ralph

------------------------------
Ralph Belfiore
SIEM Expert
pro4bizz GmbH
Karlsruhe
+49 721 90981727
------------------------------

Original Message:
Sent: Mon April 12, 2021 02:04 AM
From: PHANENDRA RAO CHAVANA
Subject: Average EPS for all Managed units

Hi Everyone,

How to get average overall EPS consumed for the managed units combined as single report.?
For example: we have three managed units(EP's) and getting 500, 600, 800 EPS respectively.
Can we get average EPS for above criteria in QRadar Console?

Thanks,
Panendar Rao.C

------------------------------
PHANENDRA RAO CHAVANA
------------------------------

Hello @PHANENDRA RAO CHAVANA,

Here is an idea using AQL.

SELECT PROCESSORNAME(processorid) AS "Event Processor", SUM(eventcount) AS "Number of Events in Interval", SUM(eventcount) / 7200 AS "EPS in Interval" FROM events where logsourceid not in (62,63,64,65,66,67,68,69) GROUP BY "Event Processor" ORDER BY "EPS in Interval" DESC LIMIT 10 LAST 2 HOURS

This will give you an average EPS by Event Processor during 2 hours (7200 sec)s (excluding systems logs in the count)

Maybe you can build a Pulse dashboard to follow this :)

Hope this helps,
Regards,
zoldax

------------------------------
@zoldax

https://www.youracclaim.com/users/pascal-weber.029e134d/badges
------------------------------

Original Message:
Sent: Mon April 12, 2021 02:04 AM
From: PHANENDRA RAO CHAVANA
Subject: Average EPS for all Managed units

Hi Everyone,

How to get average overall EPS consumed for the managed units combined as single report.?
For example: we have three managed units(EP's) and getting 500, 600, 800 EPS respectively.
Can we get average EPS for above criteria in QRadar Console?

Thanks,
Panendar Rao.C

------------------------------
PHANENDRA RAO CHAVANA
------------------------------