QRadar


new to qradar

  • 1.  new to qradar

    Posted 11 days ago
    What is an event ID and a QID?
    I tried to understand by searching on the web,
    but didn't encounter a beginner's intuitive answer.

    ------------------------------
    daniel benisti
    ------------------------------


  • 2.  RE: new to qradar

    Posted 11 days ago
    QID is the QRadar Identification Number that is applied uniquely to an
    event name for a device type. EventID usually refers specifically to
    the Windows Event Log Event ID number as a custom property.




  • 3.  RE: new to qradar

    Posted 11 days ago
    Have you taken a look at the QRadar 101 pages? This might be able to help you.

    ------------------------------
    Wendy Batten
    Community Manager
    IBM Security
    Cambridge MA
    ------------------------------



  • 4.  RE: new to qradar

    Posted 9 days ago
    Thank you so much for the resource!

    ------------------------------
    daniel benisti
    ------------------------------



  • 5.  RE: new to qradar

    Posted 10 days ago
    Each system has its own structure of event IDs.

    For example, if you look in the Windows Event Viewer you can see a lot of messages.
    Because QRadar works with all these different systems, it needs a database of all known messages:

    QRadar Identifier Database

    In this database each message of all the gathered systems is given a unique number known as a QID.

    More information about QIDs:
    https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.2/com.ibm.qradar.doc/c_QID_overview.html


    ------------------------------
    Jan-dirk Prins
    ------------------------------



  • 6.  RE: new to qradar

    Posted 10 days ago
    As mentioned, each event in QRadar is mapped to a so-called high- and low-level category. Thus an event mapping represents an association between an event ID and category combination and a QID record (referred to as event categorization). Event ID and category values are extracted by DSMs from events and are then used to look up the mapped event categorization or QID. Event categorizations store extra metadata for the event that might not exist in the raw event data (e.g. description), a severity value, or a low-level category assignment. See: Event mapping

    ------------------------------
    Dusan VIDOVIC
    ------------------------------
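To illustrate the event-mapping flow described in the replies above (DSM extracts event ID and category, then a lookup yields the QID record with description, severity and low-level category), here is an added Python model of that lookup. It is not QRadar's own code or data: the QID numbers, the "ExampleFW" device type, the log formats and the sample events are all constructed; only the Windows event IDs 4624 and 4625 are real Windows values.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class QidRecord:
    # Event categorization stored against a QID (fields named after the post above).
    qid: int                  # constructed sample QID numbers, not real QRadar values
    name: str
    description: str
    severity: int
    low_level_category: str

# Constructed QID "database". The key is (log source type, event id, category):
# the same event id value on two device types resolves to two different QIDs.
QID_DB = {
    ("Windows", "4624", "Logon"): QidRecord(9000001, "Success Audit: Logon",
        "An account was successfully logged on", 1, "User Login Success"),
    ("Windows", "4625", "Logon"): QidRecord(9000002, "Failure Audit: Logon",
        "An account failed to log on", 3, "User Login Failure"),
    # Hypothetical firewall DSM that happens to reuse the number 4624.
    ("ExampleFW", "4624", "Policy"): QidRecord(9000003, "Policy Drop",
        "Packet dropped by firewall policy", 4, "Firewall Deny"),
}
# Fallback record for events the database does not know (constructed).
UNKNOWN = QidRecord(0, "Unknown", "No QID mapping for this event", 0, "Unknown")

# Minimal stand-ins for DSM parsing: each pulls (event id, category) out of its own format.
PARSERS = {
    "Windows": re.compile(r"EventID=(\d+)\b.*?Category=([A-Za-z]+)"),
    "ExampleFW": re.compile(r"msgid=(\d+)\b.*?type=([A-Za-z]+)"),
}

def extract(log_source_type, raw):
    """DSM step: return (event id, category) from the raw event, or None if unparsable."""
    m = PARSERS[log_source_type].search(raw)
    return (m.group(1), m.group(2)) if m else None

def map_event(log_source_type, raw):
    """Event mapping step: (device type, event id, category) -> QID record."""
    key = extract(log_source_type, raw)
    if key is None:
        return UNKNOWN
    return QID_DB.get((log_source_type, *key), UNKNOWN)

# Constructed sample events (not captured from a real system).
SAMPLES = [("Windows", "EventID=4624 Category=Logon User=alice"),
           ("ExampleFW", "msgid=4624 type=Policy src=10.0.0.5"),
           ("Windows", "EventID=9999 Category=Other")]

if __name__ == "__main__":
    for src, raw in SAMPLES:
        rec = map_event(src, raw)
        print(f"{src:10} -> QID {rec.qid} ({rec.name}, severity {rec.severity}, {rec.low_level_category})")
```

Running it shows the two events carrying the number 4624 landing on different QIDs because the device type is part of the key, while the unmapped Windows event falls through to the unknown record.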