List of Contributions

Paul Teichmann

Posted By Paul Teichmann Fri September 04, 2020 12:03 PM
Found In Egroup: IBM Security QRadar
Normally a log source cannot exist multiple times, given the identifier and log source type are also the same. There can be multiple log sources for one identifier, given they are all different log source types, for example one Juniper FW log source and a Linux log source with the same hostname as identifier. ...
Posted By Paul Teichmann Sun August 16, 2020 01:07 PM
Found In Egroup: IBM Security QRadar
The performance of QRadar really depends on several factors: hardware specifications of the console; setup of the deployment (all-in-one, distributed); log ingestion / processing; global rules; running searches. Every factor can influence the performance and when all factors are ...
Posted By Paul Teichmann Sat June 20, 2020 11:30 AM
Found In Egroup: IBM Security QRadar
My current environment has over 50k log sources and it is also possible to have hundreds of thousands of log sources. So I do not think there is a hard deployment limit for the number of log sources. For special log source types there can be technical limits to how many there can be. (wincollect, multiline ...
Posted By Paul Teichmann Mon June 15, 2020 02:04 PM
Found In Egroup: IBM Security QRadar
I found the following API endpoint which can be used to update an offense: POST /siem/offenses/(offense_id) In the request the parameter "assigned_to" contains the username to which the offense should be assigned. I do not know how you can automate offense assignment. Maybe using an offense rule ...
Posted By Paul Teichmann Wed May 06, 2020 08:25 AM
Found In Egroup: IBM Security QRadar
Option 1 is the Console which is an All-in-one. A console is always an all-in-one as it can perform all tasks, whether it has a managed host or not.
Posted By Paul Teichmann Thu April 09, 2020 12:43 PM
Found In Egroup: IBM Security QRadar
Hi Bruno, I recently got the same issue. The problem we had was that our custom SSL certificate was not in the trust store. So you should copy the correct certificate to /etc/pki/ca-trust/source/anchors/ on the system where the apps are running and then execute update-ca-trust. Newer versions of ...