IBM QRadar

  • 1.  Should not trigger the log stoppage [Service disruption] rule !!

    Posted Tue February 21, 2023 10:28 PM

    Hi,

    We have a requirement not to trigger a Log Stoppage (Service Disruption) rule when one firewall is working in HA mode and one becomes active and another becomes standby.

    It should not trigger a rule for log stoppage from one FW when the other one in HA is working fine and sending logs.

    Only create an offense if both firewalls have stopped sending events to QRadar?

    Could someone give me the condition or logic for the same?



  • 2.  RE: Should not trigger the log stoppage [Service disruption] rule !!

    Posted Wed February 22, 2023 06:35 AM

    You may follow the link below:

    https://community.ibm.com/community/user/security/discussion/monitoring-log-source-stopped-sending-logs-for-cluster-log-sources-1



    ------------------------------
    Sarat Sekhar
    ------------------------------



  • 3.  RE: Should not trigger the log stoppage [Service disruption] rule !!

    Posted Tue February 28, 2023 12:55 AM

    I tried this on 2 customers as a test; it seems it's not working as expected.




  • 4.  RE: Should not trigger the log stoppage [Service disruption] rule !!

    Posted Tue February 28, 2023 12:56 AM

    @Jonathan Pechta Do you have a better idea or an official IBM document to achieve this?
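
The condition asked for in the first post, written out as an added example that is not part of the original thread and is not QRadar rule syntax: a cluster raises an offense only when every HA member has been silent past the threshold, and a silent standby is suppressed while its peer is still sending. The cluster names, log source names, timestamps and the 30-minute threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data: HA cluster -> member log sources (hypothetical names).
HA_GROUPS = {
    "fw-dc1": ["fw-dc1-a", "fw-dc1-b"],
    "fw-dc2": ["fw-dc2-a", "fw-dc2-b"],
    "fw-dc3": ["fw-dc3-a", "fw-dc3-b"],
}

NOW = datetime(2023, 2, 28, 12, 0)

# Constructed last-event times per log source; fw-dc2-b has never reported.
LAST_SEEN = {
    "fw-dc1-a": datetime(2023, 2, 28, 11, 55),  # active node, sending
    "fw-dc1-b": datetime(2023, 2, 28, 9, 0),    # standby node, silent
    "fw-dc2-a": datetime(2023, 2, 28, 10, 0),   # silent
    "fw-dc3-a": datetime(2023, 2, 28, 11, 50),
    "fw-dc3-b": datetime(2023, 2, 28, 11, 58),
}


def is_silent(source, last_seen, now, threshold):
    """A source is silent if it never reported or its last event is too old."""
    seen = last_seen.get(source)
    return seen is None or (now - seen) > threshold


def evaluate(groups, last_seen, now, threshold=timedelta(minutes=30)):
    """Classify each HA cluster as 'ok', 'suppressed' or 'offense'.

    ok         - every member is sending
    suppressed - at least one member is silent but a peer is still sending
    offense    - all members are silent (the only case that should alert)
    """
    result = {}
    for cluster, members in groups.items():
        silent = [m for m in members if is_silent(m, last_seen, now, threshold)]
        if not silent:
            result[cluster] = "ok"
        elif len(silent) < len(members):
            result[cluster] = "suppressed"
        else:
            result[cluster] = "offense"
    return result


if __name__ == "__main__":
    for cluster, state in evaluate(HA_GROUPS, LAST_SEEN, NOW).items():
        print(cluster, state)
```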