List of Contributions

Mr. Juan Paulo

IBM

My Content

1 to 10 of 10 total
Posted By Juan Paulo Mon January 22, 2024 08:05 AM
Found In Egroup: IBM Security QRadar
Hi, you could try to implement the details in this blog on the community: https://community.ibm.com/community/user/security/blogs/cristian-ruvalcaba1/2021/04/15/wincollect-monitoring
Best regards,
------------------------------
Juan Paulo
IBM
Santiago
------------------------------
Posted By Juan Paulo Thu January 18, 2024 03:54 PM
Found In Egroup: IBM Security QRadar SOAR
Hi Bhagyesh, you can use QRadar SIEM Functions for SOAR from here: https://exchange.xforce.ibmcloud.com/hub/extension/a9bcc3eaebf2a6efc04258b4964a48a4 In that package you need to use the qradar_search function. Here is an example of what you would like to do in the code: AQL search to grab the ...
Posted By Juan Paulo Mon January 30, 2023 10:19 PM
Found In Egroup: IBM Security QRadar SOAR
Hi Luqman, the playbook itself runs on the QRadar SOAR server itself (just like the rules/workflows, in a similar way). I don't have the details of which components are used by the playbooks, but it uses the resources of the SOAR Server. What you need to understand is that the playbooks (the logic) ...
Posted By Juan Paulo Thu May 05, 2022 03:34 PM
Found In Egroup: IBM Security QRadar
Hi, you need to update the cert files on the machine you selected in the Log Source config. On the Office 365 one you should have something like this. That is the name of the machine that will run the polling to grab the logs from Office 365, and that machine will need the certs. There's a ...
Posted By Juan Paulo Thu April 07, 2022 10:45 AM
Found In Egroup: IBM Security QRadar
Hi Slavcho... sorry, I misread your question. The 2 things I think you could review to verify if you have all the permissions to see the "Network Activity" tab are: Do you have Do you have Flow licenses? Try Admin -> System and License Management -> Display (Licenses), review the latest column Flow ...
Posted By Juan Paulo Wed April 06, 2022 06:07 PM
Found In Egroup: IBM Security QRadar
Hi, I would recommend that you review this training that explains the basics of flows: https://www.securitylearningacademy.com/course/view.php?id=4863 If the app you are talking about is NTA (Network Threat Analytics), you can find it on the App Exchange here: https://exchange.xf ...
Posted By Juan Paulo Fri November 12, 2021 10:14 AM
Found In Egroup: IBM Security QRadar
Hi, this is a great article/documentation that helps you implement some of the ideas in other posts. Basically you need to customize how each kind of Log Source is treated. Another "good practice" is to add comments into the Log Source Description if you troubleshoot and find out that a Log Sources ...
Posted By Juan Paulo Mon May 11, 2020 04:28 PM
Found In Egroup: IBM Security QRadar
Hi Katia, some recommendations I would suggest: a) Review the documentation of UBA: https://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.UBAapp.doc/c_Qapps_UBA_intro.html b) Within the documentation, check the Multitenancy part: https://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.UB ...
Posted By Juan Paulo Fri May 08, 2020 12:51 PM
Found In Egroup: IBM Security QRadar
Hi Akash, at least you'll need to do the following:
- Download and install Sysmon
- Create the config file of Sysmon, normally try to re-use something like https://github.com/SwiftOnSecurity/sysmon-config/blob/master/sysmonconfig-export.xml
- Install & Configure WinCollect
- You'll need to ...
Posted By Juan Paulo Fri January 17, 2020 02:28 PM
Found In Egroup: IBM Security QRadar
Hi, just in case, the official info about dropped and giveback is here: https://www.ibm.com/support/pages/qradar-license-eps-rates-and-giveback
Regards,
------------------------------
Juan Paulo
IBM
Santiago
------------------------------