In order to export a list of all enabled log sources, SIEM administrators can run one of the following commands basd on psql query in QRadar. The commands are available from the Console back end, so using SSH, log in to the QRadar Console as the root user. To enter the command line for the database, […]
Tag: Log Sources
DSM Editor (part two)
This is the second part of the article about DSM Editor. Please find the link here to the first part of this article. As mentioned there, DSM Editor can create a new Log Source, based on repeating information in any kind of log. Sample Log Suppose, that you are dealing with logs collected from the […]
DSM Editor (part one)
DSM Editor is multi-task editor, which let you parse any event received by QRadar box. QRadar supports more than 1000 Log Sources out of the box. It is possible because this type of SIEM software has installed a device support modules called DSMs, which let QRadar parse the logs. The most widely used software and […]
QRadar is capable of receiving and parsing events from a variety of third-party security products. The full list of supported devices is available in the documentation and the several formats and devices increases often. Receiving events with QRadar QRadar can pick up events in “auto-detected” mode from supported appliance, what let you see events immediately […]
QRadar Log Sources
QRadar Log Sources are displayed in Log Activity tab where each event information is in a form of record from that log source. An event is a record from a device that describes an action on a network or host. SIEM normalizes the varied information found in raw events. QRadar SIEM supports many protocols, to receive raw […]