IBM Security QRadar

  • 1.  logrun.pl utility and events/traffic samples

    Posted Tue March 23, 2021 06:54 AM
    Hello.
    There is a script logrun.pl used to generate events for QRadar, but it requires events/traffic samples. Where can we get these samples?

    ------------------------------
    Igor Volkov
    ------------------------------


  • 2.  RE: logrun.pl utility and events/traffic samples

    Posted Tue March 23, 2021 08:07 AM
    Hello @Igor Volkov

    If you run the script from the command line, it tells you the options the tool supports. You need to get a sample syslog file of traffic.

    There may be some on the host already, or you can find syslog samples online.

    Good luck!

    ------------------------------
    Darren H.
    ------------------------------



  • 3.  RE: logrun.pl utility and events/traffic samples

    IBM Champion
    Posted Tue March 23, 2021 01:33 PM
    Igor,
    the easiest way to produce your own log data is based on CSV exports from Log Activity.
    Just import your exported CSV data into XLS and copy/paste your payload column into an extra ASCII file, which you transfer back to your QRadar.
    Use this syntax for logrun.pl:
    /opt/qradar/bin/logrun.pl -d <ip-of-qradar> -u <ip-of-logsource> -f events/samplelog.txt 35
    BR
    Karl

    ------------------------------
    [Karl] [Jaeger] [Business Partner]
    [QRadar Specialist]
    [pro4bizz]
    [Karlsruhe] [Germany]
    [4972190981722]
    ------------------------------
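One way to do the "copy the payload column into a text file" step of Karl's procedure without a spreadsheet, as an added example that is not from the thread or from IBM: it reads a Log Activity CSV export, picks the payload column (the header name "Payload" is an assumption), collapses any line breaks embedded inside a quoted payload so each event occupies exactly one line, and writes the file you would pass to logrun.pl with -f. The sample export below is constructed, not real QRadar data.

```python
import csv
import io


def extract_payloads(csv_text, column="Payload"):
    """Return the payload column of a Log Activity CSV export as a list,
    one entry per event, with embedded line breaks collapsed so every
    payload fits on a single line of the logrun.pl sample file."""
    reader = csv.DictReader(io.StringIO(csv_text))
    # Header name matched case-insensitively; "Payload" is an assumption.
    field = next((f for f in reader.fieldnames or []
                  if f.strip().lower() == column.lower()), None)
    if field is None:
        raise ValueError(f"no '{column}' column; columns: {reader.fieldnames}")
    payloads = []
    for row in reader:
        value = (row.get(field) or "").strip()
        if not value:
            continue  # rows with an empty payload would produce blank events
        payloads.append(" ".join(value.splitlines()))
    return payloads


def write_sample_file(csv_path, out_path, column="Payload"):
    """Convert an export on disk into a one-payload-per-line sample file."""
    with open(csv_path, newline="", encoding="utf-8") as fh:
        payloads = extract_payloads(fh.read(), column)
    with open(out_path, "w", encoding="utf-8", newline="\n") as out:
        out.write("\n".join(payloads) + "\n")
    return len(payloads)


# Constructed sample export: the second payload carries a line break inside
# the quoted field, which is what breaks naive copy/paste from a spreadsheet.
SAMPLE_EXPORT = (
    "Event Name,Log Source,Payload\n"
    'Login Success,LinuxServer @ host1,"<86>Mar 23 06:54:01 host1 sshd[1234]: '
    'Accepted password for alice from 10.0.0.5 port 51234 ssh2"\n'
    'Login Failure,LinuxServer @ host1,"<86>Mar 23 06:55:12 host1 sshd[1240]: '
    'Failed password for bob\nfrom 10.0.0.9 port 51301 ssh2"\n'
    "Empty,LinuxServer @ host1,\n"
)

if __name__ == "__main__":
    for line in extract_payloads(SAMPLE_EXPORT):
        print(line)
```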



  • 4.  RE: logrun.pl utility and events/traffic samples

    Posted Thu March 25, 2021 04:15 PM
    Igor,
    There is an app called Experience Centre which you can install on QRadar. It has a set of example logs that you can run through QRadar.

    The QRadar Experience Center app comes with several predefined security use cases that you can run to demonstrate how QRadar can help you detect security threats. With a single click of a button, you can watch QRadar in action as the simulation data is sent to QRadar. After watching the video tutorial that explains the use case, you can easily explore the QRadar content that is used for the use case, and further explore how you might investigate such a threat in your own environment.

    ------------------------------
    Slawek Gawlowski
    Security Technical Consultant
    IBM Security Intelligence Solutions
    ------------------------------