IBM Security QRadar

 View Only
Expand all | Collapse all

New User needs help creating report for service account logons

  • 1.  New User needs help creating report for service account logons

    Posted Thu September 15, 2022 02:11 PM

    Hi all,

    I'm new to using QRadar so I could use some help. I'm looking for a report (either existing or to create one) of any interactive logons from service accounts. I believe the events we are looking for are 4624 type 2, 7 or 10 or event 4648 type 9. I've played around with the reports but can't quite get it to pull the info I want. If anyone could help with this, it would be much appreciated. Thanks



    #QRadar
    #Support
    #SupportMigration


  • 2.  RE: New User needs help creating report for service account logons

    Posted Thu September 15, 2022 03:31 PM

    In the Log Activity tab, use search filters (like Event ID and type (could be custom CEP) and perform a search and make sure that the result you see is what you want it to be in the report. Once you get the desired output, you can save the search and create report out of this saved search.

    How to create a saved search?

    https://www.ibm.com/docs/en/qsip/7.5?topic=searches-saving-search-criteria



    #QRadar
    #Support
    #SupportMigration