Hi Luis,
i'm not sure, if you are aware about this. Maybe you should try out this... Just apply the IBM QRadar Security Analytics Self Monitoring Content Package:
https://exchange.xforce.ibmcloud.com/hub/extension/0be9613a768a5a05ea102535b7bce76a
With this out-of-the-box dashboards come along in Pulse dealing with your request :)
Hope this helps you dealing with your requests...
Regards,
Ralph
------------------------------
Ralph Belfiore
Managing Consultant | Senior SIEM Expert
connecT SYSTEMHAUS AG
Siegen
+491726365525
------------------------------
Original Message:
Sent: Wed May 29, 2024 09:21 AM
From: Luis Enrique Rodriguez Martinez
Subject: Offense Query
Hi everyone:
i'm trying to make a dashboard item with offense data, i would like create query, but a cant find the id offense, someone know the name of the field id_offense to use in query, I wold like some like this
This is my query
SELECT QIDNAME(qid) as evento,DATEFORMAT(starttime, 'dd-MM-YYY HH:MM:SS') as "Date"
FROM events
where domainid =2 and logsourceid = 163 and evento ILIKE 'LATAM%%'
ORDER BY date DESC
LAST {time_span}
Thans in advnace
------------------------------
Luis Enrique Rodriguez Martinez
------------------------------