Tag: SIEM

QRadar is capable of receiving and parsing events from a variety of third-party security products. The full list of supported devices is available in the documentation and the several formats…

Event retention helps QRadar administrators keep up and organize the data collected by their SIEM system. Retention window. Click the Admin tab Retention window to configure the buckets applicable to your deployment. By…

QRadar backup is one of the most important feature to use by each system administrator. There are two types of backups – configuration backup and data backup. It is highly…

QRadar Network Activity is the second important tab in QRadar interface. Each flow is a record of the communication between two machines, minute by minute in the network where resides…

QRadar Log Sources are displayed in Log Activity tab where each event information is in a form of record from that log source. An event is a record from a device…

Missing /store partition can sometimes seem in your QRadar, due to unsafe close of your server (hard reboot or power fail incident). In result,  you can run into troubles caused by…

There are two options for routing data in QRadar: Online: Forwarding takes place during the QRadar event pipeline as part of ECS-EC (event correlation service – event collection) process. It…

QRadar appliances and types group in a large family of products, which can be confusing for people starting with this SIEM. You will find below the list of all currently…

Bad Rabbit malware. On October 24th there were found new attacks on many sites using previously unknown ransomware, which later has been called Bad Rabbit. Bad Rabbit was distributed with…

QRadar processes run on top of a linux (Red Hat 6 for versions up to QRadar 7.2.8 and Red Hat 7 for above), and each of the major functions of…