IBM QRadar

  • 1.  How to get icmp type/code in string via aql in flows?

    Posted Thu July 01, 2021 03:40 AM

    Dear Team,

    I am trying to create a dashboard of top ICMP type/code (flows) in Pulse, but I got only numbers. Is there any way to get the ICMP type/code in string format in AQL? Any help would be appreciated.



    #QRadar
    #Support
    #SupportMigration


  • 2.  RE: How to get icmp type/code in string via aql in flows?

    Posted Thu July 01, 2021 05:35 PM

    There is a list of ICMP codes documented here: https://www.ibm.com/docs/en/qsip/7.4?topic=applications-icmp-type-code-ids

    However, you can do it with an AQL custom function, but it is not something that support can help with. There are a lot of mathematical operators, functions, and code that you can run within an AQL Custom Function and it can do things like lookup and evaluate data. I reached out to dev to ask if there was another method to do this lookup, but an AQL Custom Function is the only method I know of.



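An added example, not part of the thread and not IBM's code: the lookup logic an AQL custom function of the kind mentioned in the reply above could contain, in plain ES5 JavaScript. The function names, the abbreviated subset of IANA ICMPv4 names, and the combined `type*256 + code` encoding (the IPFIX `icmpTypeCodeIPv4` convention) are assumptions; verify the encoding of your flow field against the IBM table linked above, and note that packaging the function as a QRadar extension is not shown.

```javascript
// Added example: ICMPv4 type/code to text. Names follow the IANA ICMP
// registry (abbreviated subset); function names are hypothetical.
var ICMP_TYPES = {
  0:  { name: "Echo Reply" },
  3:  { name: "Destination Unreachable", codes: {
          0: "Net Unreachable", 1: "Host Unreachable",
          2: "Protocol Unreachable", 3: "Port Unreachable",
          4: "Fragmentation Needed and DF Set",
          13: "Communication Administratively Prohibited" } },
  5:  { name: "Redirect", codes: {
          0: "Redirect for Network", 1: "Redirect for Host" } },
  8:  { name: "Echo Request" },
  11: { name: "Time Exceeded", codes: {
          0: "TTL Exceeded in Transit",
          1: "Fragment Reassembly Time Exceeded" } },
  12: { name: "Parameter Problem", codes: {
          0: "Pointer Indicates the Error" } }
};
var INVALID = "Invalid ICMP type/code";

// Accepts numbers or numeric strings; returns -1 for anything outside 0..max.
function toInt(v, max) {
  if (v === null || v === undefined || v === "") return -1;
  var n = Number(v);
  return (n === Math.floor(n) && n >= 0 && n <= max) ? n : -1;
}

// Values missing from the table keep their numbers, so an unexpected value
// (for example a nonzero code on an echo request) stays visible on the dashboard.
function icmpName(type, code) {
  var t = toInt(type, 255), c = toInt(code, 255);
  if (t < 0 || c < 0) return INVALID;
  var entry = ICMP_TYPES[t];
  if (!entry) return "Type " + t + " / code " + c;
  if (entry.codes && Object.prototype.hasOwnProperty.call(entry.codes, c)) {
    return entry.name + " / " + entry.codes[c];
  }
  if (!entry.codes && c === 0) return entry.name;
  return entry.name + " / code " + c;
}

// Assumption: the field holds type*256 + code (IPFIX icmpTypeCodeIPv4 style).
function icmpNameFromCombined(value) {
  var n = toInt(value, 65535);
  return n < 0 ? INVALID : icmpName(n >> 8, n & 0xff);
}
```

Extend `ICMP_TYPES` from the IBM or IANA table for the types your network actually sees.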


  • 3.  RE: How to get icmp type/code in string via aql in flows?

    Posted Sun July 04, 2021 10:49 AM

    Hi Jonathan,

    Thank you for the update. It would be really helpful if the dev team has defined some lookup to convert ICMP code to string.


