List of Contributions

Moises Monge

Posted By Moises Monge Tue January 14, 2020 02:28 PM
Found In Egroup: IBM Security QRadar
I am not familiar with the F5 events, but if the username or whatever information you want to group by is contained in the payload of the event and QRadar is extracting that to a field or custom property, this can be easily achieved; in the case the info is in the payload but not extracted that can be ...
Posted By Moises Monge Mon January 13, 2020 05:28 PM
Found In Library: IBM Security QRadar
The following is an export of an LSX I used to parse data from a Barracuda FXX firewall. To make sure the Custom DSM will work, you have to enable "Cluster Info" logging under Configuration Tree > Infrastructure Services > Syslog Streaming > LogStream Destinations > "Add Range/Cluster Info" ...
Posted By Moises Monge Fri January 10, 2020 10:45 AM
Found In Egroup: IBM Security QRadar
Hello, SIM Generic does consume license. I would suggest evaluating the SIM Generic Events rather than just dropping them; these are events coming from log sources that couldn't be autodiscovered. You can collect these events in raw format, break them by the source (IP address or hostname), evaluate if ...