List of Contributions

Normally a log source can not exist multiple times, given the identifier and log source type are also the same. There can be multiple log sources for one identifier, given they are all different log source types, for example one Juniper FW log source and a Linux log source with the same hostname as identifier. ...

The performance of QRadar really depends on several factors: hardware specifications of the console setup of the deployment (all-in-one, distributed) log ingestion / processing global rules running searches Every factor can influence the performance and when all factors are ...

My current environment has over 50k log sources and it is also possible to have hundreds of thousands of log sources. So I do not think there is a hard deployment limit for number of log sources. For special log sources types there can be technical limits to how many there can be. (wincollect, multiline ...

I found the following API endpoint which can be used to update an offense: POST /siem/offenses/(offense_id) In the request the parameter "assigned_to" contains the username to which the offense should be assigned. I do not know how you can automate offense assignment. Maybe using an offense rule ...

Option 1 is the Console which is an All-in-one. A console is always an all-in-one as it can perform all tasks, whether it has a managed host or not.

Hi Bruno, I recently got the same issue. The problem we had, was that our custom ssl certificate was not in the trust store. So you should copy the correct certificate to /etc/pki/ca-trust/source/anchors/ on the system where the apps are running and then execute update-ca-trust. Newer versions of ...