Dear community,

How to search/identify in the Qradar, which ip address has assigned on an asset at the specific time?

Kind Regards,
Michail

------------------------------
Michail Christof
------------------------------

On the Assets tab, there is a filer option to look for a specific IP address. This allows you to to find and view the asset. If you need to find an asset within a specific timeframe, then you likely need to search from the Log Activity tab. You can run a search for the Identity fields from your events within that time frame for a matching event. QRadar as what we call Identity events, which are authentication events where we recognize that a user logged in to an asset. You should be able to write a search that looks for that IP address and all Identity usernames that match the conditions you need to view.

For example,

Just search your time frame and then add a filter to your search Identity = True. This will show you all identity events for your time frame. Then you can add further filters to verify.

------------------------------
Jonathan Pechta
QRadar Support Content Lead
Support forums: ibm.biz/qradarforums
jonathan.pechta1@ibm.com
------------------------------

Original Message:
Sent: Thu October 21, 2021 04:22 AM
From: Michail Christof
Subject: How to search for an ip address in QRadar for Assets

Dear community,

How to search/identify in the Qradar, which ip address has assigned on an asset at the specific time?

Kind Regards,
Michail

------------------------------
Michail Christof
------------------------------

Dear Jonathan,

thank you for your help.

Kind regards,

Michail 

------------------------------
Michail Christof
------------------------------

Original Message:
Sent: Wed November 03, 2021 10:32 AM
From: Jonathan Pechta
Subject: How to search for an ip address in QRadar for Assets

On the Assets tab, there is a filer option to look for a specific IP address. This allows you to to find and view the asset. If you need to find an asset within a specific timeframe, then you likely need to search from the Log Activity tab. You can run a search for the Identity fields from your events within that time frame for a matching event. QRadar as what we call Identity events, which are authentication events where we recognize that a user logged in to an asset. You should be able to write a search that looks for that IP address and all Identity usernames that match the conditions you need to view.

For example,

Just search your time frame and then add a filter to your search Identity = True. This will show you all identity events for your time frame. Then you can add further filters to verify.

------------------------------
Jonathan Pechta
QRadar Support Content Lead
Support forums: ibm.biz/qradarforums
jonathan.pechta1@ibm.com

Original Message:
Sent: Thu October 21, 2021 04:22 AM
From: Michail Christof
Subject: How to search for an ip address in QRadar for Assets

Dear community,

How to search/identify in the Qradar, which ip address has assigned on an asset at the specific time?

Kind Regards,
Michail

------------------------------
Michail Christof
------------------------------