IBM Security QRadar

Hi Everyone,

One of my customer is asking to see the CPU , RAM and Hard disk utilization for specific duration(ex: jan - 15 to 31). But I can see only for last 24 hours and 7 days for some dashboards. Can we get the data from QDI?

Offense Category: Also Customer wants to download see the Offense categories for specific duration. But I can see First offense and Last updated.

Thanks,
Panendar Rao.C

------------------------------
PHANENDRA RAO CHAVANA
------------------------------

you can download health summary reports in QDI for 30 days and check results in XLS using the CSV data. Specific dashboard is not available in QDI for selected time window. If you want to achieve that please setup your own pulse widget based on AQL.

Offense categories are handled based on offense correlation. Only 1st Offense and last updated are tracked in Offenses screen by default. More dashboards for Offense categories are available in Pulse or New UI. Again 7 days is max on standard dashboard items. If you want to see offense categories matched on specific days over a longer period please use your own offense report or the REST API. There are a couple of discussion posts here on how to achieve that including my own posts :-)

------------------------------
[Karl] [Jaeger] [Business Partner]
[QRadar Specialist]
[pro4bizz]
[Karlsruhe] [Germany]
[4972190981722]
------------------------------

Original Message:
Sent: Thu February 04, 2021 12:33 AM
From: PHANENDRA RAO CHAVANA
Subject: Qradar QDI and Offense categories info

Hi Everyone,

One of my customer is asking to see the CPU , RAM and Hard disk utilization for specific duration(ex: jan - 15 to 31). But I can see only for last 24 hours and 7 days for some dashboards. Can we get the data from QDI?

Offense Category: Also Customer wants to download see the Offense categories for specific duration. But I can see First offense and Last updated.

Thanks,
Panendar Rao.C

------------------------------
PHANENDRA RAO CHAVANA
------------------------------

I use historical SAR data for that; unfortunately the system only keeps thirty days worth so I think you are outside of your window.  SAR is a Linux utility so you can find how to use it on many internet searches

------------------------------
Scott Searls
------------------------------

Original Message:
Sent: Wed February 24, 2021 06:50 AM
From: Karl Jaeger
Subject: Qradar QDI and Offense categories info

you can download health summary reports in QDI for 30 days and check results in XLS using the CSV data. Specific dashboard is not available in QDI for selected time window. If you want to achieve that please setup your own pulse widget based on AQL.

Offense categories are handled based on offense correlation. Only 1st Offense and last updated are tracked in Offenses screen by default. More dashboards for Offense categories are available in Pulse or New UI. Again 7 days is max on standard dashboard items. If you want to see offense categories matched on specific days over a longer period please use your own offense report or the REST API. There are a couple of discussion posts here on how to achieve that including my own posts :-)

------------------------------
[Karl] [Jaeger] [Business Partner]
[QRadar Specialist]
[pro4bizz]
[Karlsruhe] [Germany]
[4972190981722]

Original Message:
Sent: Thu February 04, 2021 12:33 AM
From: PHANENDRA RAO CHAVANA
Subject: Qradar QDI and Offense categories info

Hi Everyone,

One of my customer is asking to see the CPU , RAM and Hard disk utilization for specific duration(ex: jan - 15 to 31). But I can see only for last 24 hours and 7 days for some dashboards. Can we get the data from QDI?

Offense Category: Also Customer wants to download see the Offense categories for specific duration. But I can see First offense and Last updated.

Thanks,
Panendar Rao.C

------------------------------
PHANENDRA RAO CHAVANA
------------------------------