IBM Security QRadar

Expand all | Collapse all

Offense category wise report issue

  • 1.  Offense category wise report issue

    Posted 14 days ago
    Hi Everyone,

    One urgent help.
    I need to create a scheduled report for the offense category with respect to the offense count(open, closed, hidden).
    I can see in the offense tab as shown below. How can i bring it to the report section?
    In log activity not able to see the offense count parameter to add and call it in the report part.
    Kindly suggest. Is it possible through AQL? Please provide respective AQL if it is so.

    Screenshot:

    Thanks,
    Panendar Rao.C

    ------------------------------
    PHANENDRA RAO CHAVANA
    ------------------------------


  • 2.  RE: Offense category wise report issue

    Posted 14 days ago
    Hello,
    I can't give you a solution but a few tipps:

    A report is based on a saved search.
    You can use existing searches for the first steps. Go to "Log Activitiy" -> "Search ..." -> "Edit search"

    Type "offense" in the field "Type Saved Search or Select from List"
    Load for example "(admin) Number of Offenses Created" (or just click on "Show AQL")
    or "(admin) Offenses by Rule Name"

    Now you can find in the "Advanced Search" field everything you need to create your own searches. With this result you are able to create a report.

    Hope this helps!
    Regards,
    Harald


    ------------------------------
    Harald Dunkel
    IT-Security Engineer
    Baden-Württembergische Versorgungsanstalt für Ärzte, Zahnärzte und Tierärzte
    ------------------------------