List of Contributions

Andres Arguelles

Posted By Andres Arguelles Thu October 08, 2020 07:39 PM
Found In Egroup: IBM Security QRadar
Hello guys. Recently, I started to check O365 ThreatIntel logs associated with the eventID TIMaiData. Analyzing these particular events, I have found that all events relate to the ThreatIntel user from the O365 module. I want to override the username parsed for these particular events to get the source e-mail ...
Posted By Andres Arguelles Thu July 30, 2020 02:58 PM
Found In Egroup: IBM Security QRadar
Hello all. After working with the DBAs, I have solved this by defining a view using the SQL function fn_trace_gettable. I am sharing it with all of you in case it is useful to everyone in the community. ------------------------------ Andres Arguelles ------------------------------
Posted By Andres Arguelles Tue July 28, 2020 07:41 PM
Found In Egroup: IBM Security QRadar
Hello all. Currently, I am working on adding the Microsoft IP address pool to QRadar (Office 365 and related). I have tried to use the trusted services function and it works great for IPv4 addresses. I cannot add IPv6 with the remote services group. I have evaluated doing this using the network hierarchy that allows ...
Posted By Andres Arguelles Fri July 03, 2020 08:24 PM
Found In Egroup: IBM Security QRadar
Hello all. Currently, I am trying to integrate a SQL Server 2008 Standard edition with QRadar. Before QRadar, ArcSight was used and we used the AuditTrace stored procedure given by them. I am evaluating taking trc files to QRadar, but a transformation is needed before that. I have evaluated the following: ...
Posted By Andres Arguelles Thu June 25, 2020 08:10 PM
Found In Egroup: IBM Security QRadar
Hello all. Currently, I have space issues on one of my processors. I know that with LVM I can attach another disk to my virtual deployment, add it to LVM and, using xfs_growfs, increase the /store size. Do you recommend that? Do you have any experience running this procedure? I appreciate any hint ...
Posted By Andres Arguelles Fri June 19, 2020 09:50 AM
Found In Egroup: IBM Security QRadar
Hello all. I know that in terms of hardware QRadar handles an EPS limit. Is there also a limit for the number of log sources supported by each component (i.e. collector, processor, full deployment)? Thanks! ------------------------------ Andres Arguelles ------------------------------