Did creating a flow source on QRadar for the interface work for you for replaying pcaps?
I have edited my post with the latest version of Experience Center.
https://exchange.xforce.ibmcloud.com/hub/extension/3ff30fa2eb92ef1740ba308e4e50a370 (This version of the app is not fully supported in IBM QRadar Community Edition.) It says this, but you can install and explore it. I managed to install it on my CE installation.
Original Message:
Sent: Thu May 30, 2024 06:44 AM
From: nico smith
Subject: PCAP Ingestion and Viewing
So is there a method to perform the action that I originally posted, or is this outside the scope of QRadar?
Original Message:
Sent: 5/30/2024 6:31:00 AM
From: John Dawson
Subject: RE: PCAP Ingestion and Viewing
Unfortunately the Experience Center app is not supported on CE.
From the link above:
"This version of the app is not fully supported in IBM QRadar Community Edition."
------------------------------
John Dawson
QRadar Support Architect
IBM
Original Message:
Sent: Wed May 29, 2024 01:57 AM
From: Vishal Tangadkar
Subject: PCAP Ingestion and Viewing
Hello Nico,
You can replay the network traffic, but to register it on QRadar you need to create the flow source first on the network interface. Have you created it?
You can also explore the application below to replay the events.
https://exchange.xforce.ibmcloud.com/hub/extension/4b8a49187611ae8f746c27c8da4727e3?q=experience
For more details, check the document below.
https://www.ibm.com/docs/sk/qradar-common?topic=app-whats-new-in-qradar-experience-center
------------------------------
Vishal Tangadkar
IBM INDIA PVT LTD
Original Message:
Sent: Tue May 28, 2024 07:55 AM
From: nico smith
Subject: PCAP Ingestion and Viewing
Good Morning,
I'm currently attempting to tackle the problem of having QRadar CE read some local .pcap files that I have on the QRadar CE server itself. I have tried a few things but to no avail, and while I'm very new to QRadar, the process on previous iterations of QRadar seemed to be extremely simple.
I have installed tcpreplay, as tcpdump was already within the .iso. From the .iso we have a successful installation of QRadar CE; however, there is no ingestion of traffic on the network itself. I'm working in a test environment that does not have internet access, so the use of .pcaps is pretty important, as I am also learning the product within this deployment.
I've watched the Jose Bravo YouTube videos and they're super helpful; however, the replay with logrun.pl isn't providing traffic either.
Is there a plugin or integration that I need to perform the activity that I am seeking to perform?
This is the version of QRadar CE that I am using:
**7.5.0 UpdatePackage 8 (Build 20240302192142)**
Thanks in advance
------------------------------
nico smith
------------------------------