List of Contributions

Jan Prins

Posted By Jan Prins Tue July 21, 2020 07:29 AM
Found In Egroup: IBM Security QRadar
Thanks Darren, subscribed to the update messages to be warned up-front next time. Regards, Jan
Posted By Jan Prins Tue July 21, 2020 05:24 AM
Found In Egroup: IBM Security QRadar
I noticed some new security issues in QRadar... Cross-site scripting and some others. Security Bulletin: IBM QRadar SIEM is vulnerable to cross-site scripting (CVE-2020-4364). Solution: upgrade to fix pack 7.3.3-QRADAR-QRSIEM-20200704141002. However, we are on version 7.3.2. I do not intend to upgrade ...
Posted By Jan Prins Mon June 08, 2020 02:12 AM
Found In Egroup: IBM Security QRadar
Thanks for your answer. It is a little bit of a loop situation too. QRadar is polling and this is generating traffic. Decided to filter out the messages; allowed messages are not that interesting anyway.
Posted By Jan Prins Thu June 04, 2020 08:31 AM
Found In Egroup: IBM Security QRadar
Good afternoon, we receive this error on a regular time frame. I investigated the source and found 50% of all events are of the type: Success Audit: The Windows Filtering Platform has allowed a connection. After looking at one of the servers I did see that the collector is sending a huge amount of ...
Posted By Jan Prins Tue March 31, 2020 04:23 AM
Found In Egroup: IBM Security QRadar
We are using the latest version 5.0.1 of the QRadar Log Source Management application. What I think is very annoying is that the window size when starting the app is way too big... I have to drag the window all the way to the left to see the Maximize button and then when I click it all is working normal ...
Posted By Jan Prins Tue January 28, 2020 07:15 AM
Found In Egroup: IBM Security QRadar
Default export is all columns to CSV. You can also choose if you want to export only visible columns and you can also select which columns are displayed. CSV can be read by Excel, so with it you can do some filtering as well. Good luck. ...
Posted By Jan Prins Tue January 28, 2020 03:19 AM
Found In Egroup: IBM Security QRadar
If you use the QRadar Log Source Management app, there is simply a download button on the right side next to the Manage Columns button. If you do not have it installed you can download it via the App Exchange. QRadar Log Source Management - IBM Security App Exchange
Posted By Jan Prins Sat October 12, 2019 08:02 AM
Found In Egroup: IBM Security QRadar
Hi, Trying to whitelist a false positive offense. In a log source there are two types of events... Event 1 signals a suspicious situation. Event 2 signals a situation has occurred from a certain machine. Now there is a similarity... If event 1 occurs and event 2 has occurred in the same ...
Posted By Jan Prins Fri October 11, 2019 03:18 AM
Found In Egroup: IBM Security QRadar
Each system has its own structure with event IDs. For example, if you log in to the Windows Event Viewer you can see a lot of messages. Because QRadar works with all different systems, it needs a database of all known messages. QRadar Identifier Database: in this database each message of all the ...
Posted By Jan Prins Thu October 10, 2019 03:48 AM
Found In Egroup: IBM Security QRadar
Finally figured it out. I did have to uncheck the description box and it will add from the first column of the CSV line. So now it reads My first computer,Computer1 The name template you can use to build up the name of configuration step 3 Enable/disable editing of Name Template Name Template ...
Posted By Jan Prins Thu October 10, 2019 03:02 AM
Found In Egroup: IBM Security QRadar
Hi, I am working with the new logsource app. It seems to work normal, for the most part. If I modify an existing logsource made by the built-in logsource module in any way, it complains about two unresolved issues before I can save it. It concerns two fields. 1. Forward event filter type 2. ...
Posted By Jan Prins Fri October 04, 2019 09:07 AM
Found In Egroup: IBM Security QRadar
The console has all services up and running. The question where logsources are handled is determined via the routing rules and logsource configuration. Besides, there is also the communication between your event collector and the console server. So in case you decided to stop the ecs-ec on the ...