List of Contributions

Kelly Abbott

Posted By Kelly Abbott Sep 17, 2019 5:40 PM
Found In Egroup: IBM Security QRadar
Hi Larry, Most shops have VA Scan technology in place and simply import scan results into QRadar for population of assets/vulnerabilities in the QRadar Asset DB for correlation enrichment (e.g., server vulnerable to exploit, etc...). There is no additional cost to do so and the configuration guide (PDF) ...
Posted By Kelly Abbott Jul 12, 2019 12:19 AM
Found In Egroup: IBM Security QRadar
Hi Anthony, That's great, thanks for the update! I agree with your thoughts as I initially looked for a documentation reference to send you, but was unable to find one so ended up digging through the bin directory and my notes for the utility (which I hadn't run for quite some time :) @Jonathan Pechta ...
Posted By Kelly Abbott Jul 11, 2019 8:40 AM
Found In Egroup: IBM Security QRadar
Hi Anthony, There's a script that can add a new iso image, or replace the existing iso image on the recovery partition: /opt/qradar/bin/recovery.py --help will show the options.
  -r, --replace   replace existing iso's on recovery partition with ISO
  -a, --add       copy ISO to recovery partition add it to re-install ...
Posted By Kelly Abbott Mar 12, 2019 4:25 PM
Found In Egroup: IBM Security QRadar
You may want to use the SIEM Tuning Report (CRE event report) as a starting point. Look at about 36 minutes into the following (Tuning Methodology): QRadar Open Mic #24 Replay: Let's talk about Tuning QRadar (16 May 2017) ...