IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

View Only

Back to discussions

Expand all | Collapse all

Log Stoppage Alert- Exclude the server sleep time period

1. Log Stoppage Alert- Exclude the server sleep time period

Like
Cyber Post
Posted Thu March 02, 2023 11:48 PM

Reply
Hi,

I was looking for a way to exclude the server shutdown [sleep time] period every day from the log stoppage rule.

Example: I have a Rule for log stoppage for 1 Hour, If the server stopped sending logs for more than 1 hour it will generate and offense.

In my case The server is supposed to shutdown everyday at 10 PM and wakes up at 5 AM, During the time period I should not get a log stoppage from the said log sources .

Is it possible to achieve ?

Thanks

IBM QRadar

Log Stoppage Alert- Exclude the server sleep time period

1. Log Stoppage Alert- Exclude the server sleep time period

Additional
Resources

Office

Quick Links

IBM QRadar

Log Stoppage Alert- Exclude the server sleep time period

1. Log Stoppage Alert- Exclude the server sleep time period

Related Content

Log Stoppage alert Exclusion

Devices stopped sending Events

Monitoring log source stopped sending logs for cluster log sources

Stay Vigilant, Even on the Exit Ramp: Monitoring Employees on Notice Period Using IBM QRadar SIEM

Creating a unified pulse dashboard for multiple QRadar EDR servers integration with QRadar SIEM

Additional Resources

Office

Quick Links

Additional
Resources