List of Contributions

Kelly Abbott

My Content

Posted By Kelly Abbott Tue September 17, 2019 05:40 PM
Found In Egroup: IBM Security QRadar
Hi Larry, Most shops have VA Scan technology in place and simply import scan results into QRadar for population of assets/vulnerabilities in the QRadar Asset DB for correlation enrichment (e.g., server vulnerable to exploit, etc...). There is no additional cost to do so and the configuration guide (PDF) ...
Posted By Kelly Abbott Fri July 12, 2019 12:19 AM
Found In Egroup: IBM Security QRadar
Hi Anthony, That's great, thanks for the update! I agree with your thoughts as I initially looked for a documentation reference to send you, but was unable to find one so ended up digging through the bin directory and my notes for the utility (which I hadn't run for quite some time :) @Jonathan ...
Posted By Kelly Abbott Thu July 11, 2019 08:40 AM
Found In Egroup: IBM Security QRadar
Hi Anthony, There's a script that can add a new iso image, or replace the existing iso image on the recovery partition: /opt/qradar/bin/recovery.py --help will show the options.
-r, --replace  replace existing iso's on recovery partition with ISO
-a, --add  copy ISO to recovery partition add it ...
Posted By Kelly Abbott Tue March 12, 2019 04:25 PM
Found In Egroup: IBM Security QRadar
You may want to use the SIEM Tuning Report (CRE event report) as a starting point. Look at about 36 minutes into the following (Tuning Methodology): QRadar Open Mic #24 Replay: Let's talk about Tuning QRadar (16 May 2017) ...