1. Introduction Hello, in this article we will discover how to modify the configuration file of QRadar in order to unlock some cool features for testing purposes or to solve issues. Those options are, to be used in test environments preferably, that’s why it can have huge impacts on your infrastructure. Warning: I am not…
Catégorie : English
HowTo #4 – Understand AQL subqueries (EN)
1. Introduction Hello everyone, today we will discover how to make advanced AQL request with subqueries. They allow us to do action that are not possible with simple AQL request as well as combined requests in one request. There are two types of subqueries: 2. HowTo In a more technical point of view, you can…
HowTo #3 – Monitor EPS (EN)
1. Introduction Hello, in this article we will discover how to monitor EPS (Event Per Second) of your QRadar infrastructure in a cool way. Indeed, if you want a healthy QRadar you need to monitor and have a good comprehension of EPS variation. In fact, many peak of logs can result into instabilities of your…
HowTo #2 : Catch webhooks in QRadar (EN)
1. Introduction Hello everyone, today we are going to see how to collect in QRadar elements sent by external applications via HTTP protocol. Indeed, many applications offer this feature and it’s often interesting in terms of security and supervision in general to collect this type of information. For this article, we are going to use…
HowTo #1 : Manipulation of Windows log files (EN)
1. Introduction Hello everyone, here we are, the first article in a series where I will present you small tips to save time everyday on cybersecurity subjects. Today, we will see how to easily manipulate Windows logs with Powershell. If you have already used the event viewer on Windows, you may have noticed several limitations.…