List of Contributions

MAC Strater

1 to 18 of 18 total
Posted By MAC Strater Sun January 19, 2020 11:47 PM
Found In Egroup: IBM Security QRadar
Hi, I've bought a log license for QRadar. I'm interested in UBA, so I downloaded it and tried to install it, but there's no UBA tab shown on my dashboard. I'm wondering whether UBA requires a Threat Management license? If not, what am I doing wrong? Please advise. Thanks! ------------------------------ MAC ...
Posted By MAC Strater Mon September 30, 2019 07:57 AM
Found In Egroup: IBM Security QRadar
I installed Watson on QRadar. I found that Watson can help me investigate each offense by using mixed information from cloud and local sources. Am I correct? But what about response? After offenses are shown, what should I do next? I'm trying to find a solution in order to save time. Can Watson help or ...
Posted By MAC Strater Mon September 30, 2019 07:38 AM
Found In Egroup: IBM Security QRadar
It does work for me. Thank you! Another way: I found this article, "https://www.ibm.com/support/pages/troubleshooting-check-point-syslog-leef-events-log-exporter-cplogexport-utility". You can send syslog using the LEEF format, but you also need to edit an XML file on the Check Point. Plain syslog (e.g. firewall ...
Posted By MAC Strater Mon September 30, 2019 07:33 AM
Found In Egroup: IBM Security QRadar
Hi All, the problem was solved after I disabled the iptables service. ------------------------------ MAC Strater ------------------------------
Posted By MAC Strater Fri September 27, 2019 03:41 AM
Found In Egroup: IBM Security QRadar
Hi guys, I have two options for receiving logs from Check Point (R8.2): sending logs in syslog format and in LEEF format. I configured both options, but QRadar shows N/A status on the Log Source page. However, Log Activity shows "Unknow generic log event". Remark - I already restarted the service on Check Point ...
Posted By MAC Strater Fri September 06, 2019 05:17 AM
Found In Egroup: IBM Security QRadar
I know that there are three components: console, processor and collector. I will deploy the console and processor at HQ and collectors at branches for receiving logs. All components are virtual appliances. My question is: is there any cost for a collector at a branch? Where is the location to install the license? ...
Posted By MAC Strater Tue September 03, 2019 09:54 AM
Found In Egroup: IBM Security QRadar
I downloaded and installed it in JSA. What should I do next? ------------------------------ MAC Strater ------------------------------
Posted By MAC Strater Tue September 03, 2019 01:02 AM
Found In Egroup: IBM Security QRadar
I would like to collect logs from Check Point via the OPSEC protocol. I added a log source and the log source status is success, but the event name is unknown. Have you seen this problem? How do I solve it? ------------------------------ MAC Strater ------------------------------
Posted By MAC Strater Wed August 14, 2019 12:02 AM
Found In Egroup: IBM Security QRadar
I'm going to implement a SOC in an MSSP model to provide service for customers.
Requirements:
- Multi-tenant and HA are needed
- Collect events from customers (10 customers - total is about 3000 EPS)
- Virtual appliance preferred
Design:
1. I will deploy two virtual consoles as primary and standby ...
Posted By MAC Strater Thu June 27, 2019 12:06 AM
Found In Egroup: IBM Security QRadar
Hi, can JSA detect SQL injection activity? ------------------------------ MAC Strater ------------------------------
Posted By MAC Strater Thu May 16, 2019 12:53 PM
Found In Egroup: IBM Security QRadar
Thank you so much! ------------------------------ MAC Strater ------------------------------
Posted By MAC Strater Thu May 16, 2019 12:03 AM
Found In Egroup: IBM Security QRadar
Hi, I have a QRadar 3550 M4. The number of EPS is now over the purchased license. I bought 500 EPS but right now it's about 900 EPS. I know that if the number of EPS is over the purchased license, the EPS will be kept in a buffer and then processed following FIFO. Can I verify that the EPS is kept in the buffer by using the CLI? and ...
Posted By MAC Strater Thu May 02, 2019 01:14 AM
Found In Egroup: IBM Security QRadar
Hi, is it impossible? I would like to detect on a web server when someone tries to change content on a web page. In case I had a LAMP server, there's index.php in /var/www/html. If someone tries to overwrite the file index.php, can we detect it on JSA by using a custom rule? ------------------------------ MAC ...
Posted By MAC Strater Tue April 23, 2019 11:02 AM
Found In Egroup: IBM Security QRadar
Hi, there's an offense tab on my GUI. I don't know why, but it might be because the installation mode is Threat Management (TM) mode: https://www.ibm.com/support/knowledgecenter/en/SSKMKU/com.ibm.qradar.doc_cloud/c_qradar_off_mgmt.html ------------------------------ MAC Strater ------------- ...
Posted By MAC Strater Tue April 23, 2019 12:29 AM
Found In Egroup: IBM Security QRadar
Hi, I'm now testing QRadar with Threat Management mode enabled. If I installed it as Log Management, would the offense tab show on the GUI? Thanks! ------------------------------ MAC Strater ------------------------------
Posted By MAC Strater Sun April 21, 2019 11:25 PM
Found In Egroup: IBM Security QRadar
Hi Nico, I'm interested in your recommendation to use Windows Event Subscription. In this case, there's no need to install the WinCollect agent on each Windows host, but I must dedicate one server to install WinCollect to collect logs and forward them to QRadar. Am I correct? Do you have a guideline and link to download ...
Posted By MAC Strater Sat April 20, 2019 07:04 AM
Found In Egroup: IBM Security QRadar
Thank you all guys! I will explain to my customer with limitation :) ------------------------------ MAC Strater ------------------------------
Posted By MAC Strater Fri April 19, 2019 12:36 AM
Found In Egroup: IBM Security QRadar
Hi, I need to ingest logs from AD without an agent installed. Is it impossible? ------------------------------ MAC Strater ------------------------------