On the Assets tab, there is a filer option to look for a specific IP address. This allows you to to find and view the asset. If you need to find an asset within a specific timeframe, then you likely need to search from the Log Activity tab. You can run a search for the Identity fields from your events within that time frame for a matching event. QRadar as what we call Identity events, which are authentication events where we recognize that a user logged in to an asset. You should be able to write a search that looks for that IP address and all Identity usernames that match the conditions you need to view.
For example,
Just search your time frame and then add a filter to your search Identity = True. This will show you all identity events for your time frame. Then you can add further filters to verify.
------------------------------
Jonathan Pechta
QRadar Support Content Lead
Support forums: ibm.biz/qradarforums
jonathan.pechta1@ibm.com------------------------------
Original Message:
Sent: Thu October 21, 2021 04:22 AM
From: Michail Christof
Subject: How to search for an ip address in QRadar for Assets
Dear community,
How to search/identify in the Qradar, which ip address has assigned on an asset at the specific time?
Kind Regards,
Michail
------------------------------
Michail Christof
------------------------------