Hi,
There are two apps offering a function to allow retreiving events from QRadar:
- QRadar Integration with the QRadar Search function
- QRadar Enhanced Data Migration with the QRadar Top Events function
Both use similar parameters.
I was wondering if one is better than the other.
When I started developping our playbooks, I bet on the QRadar Enhanced Data Migration app because it somehow looked more "modern". Now I have an incident opened because the function has stopped working for many days and I am considering replacing it with the one from the other app.
Does anybody has any recommandations pertaining to these two Apps?
Thanks
------------------------------
Pierre Dufresne
------------------------------