
HowTo #5 – Modifying QRadar configuration file (EN)

Hello, in this article we will discover how to modify the QRadar configuration file in order to unlock some cool features, for testing purposes or to solve issues. These options are preferably used in test environments, because they can have a huge impact on your infrastructure.

Warning: I am not responsible for any malfunction of any kind that could occur after applying the actions described in this article. That is why I must warn you and invite you, whenever possible, to make backups and to test in development environments before any change.

...


HowTo #4 – Understand AQL subqueries (EN)

Hello everyone, today we will discover how to write advanced AQL requests with subqueries. They allow us to do things that are not possible with a simple AQL request, and to combine several requests into one.

There are two types of subqueries:

  • subqueries that define the data which will be used in the main request
  • subqueries that allow you to filter on a property using the result of the subquery
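As an added illustration of the two types listed above (this is example AQL written for this page, not a query from the original article), the first query uses a subquery in the FROM clause to define the data set the main request works on, and the second uses a subquery in the WHERE clause to filter a property with the subquery's result. The field names (sourceip, destinationip, username, eventname, qid), the search terms ('%fail%', 'admin'), the threshold of 20 and the time windows are assumptions chosen for the example; adapt them to your environment and verify the queries in the Log Activity AQL tab of your own QRadar version before relying on them.

```sql
SELECT sourceip, eventcount
FROM (
    SELECT sourceip, COUNT(*) AS eventcount
    FROM events
    WHERE eventname ILIKE '%fail%'
    GROUP BY sourceip
    LAST 1 HOURS
)
WHERE eventcount > 20
ORDER BY eventcount DESC;

SELECT sourceip, destinationip, username, QIDNAME(qid) AS event
FROM events
WHERE sourceip IN (
    SELECT sourceip
    FROM events
    WHERE username = 'admin'
    LAST 1 HOURS
)
LAST 1 HOURS;
```

The first query could not be written as a single simple request, because it filters on an aggregate (eventcount) computed by the inner SELECT. In the second query the inner SELECT must return exactly one column, the one compared with IN, and it carries its own time window independently of the outer request: forgetting the inner LAST clause, or choosing windows that do not overlap, silently changes which events are returned.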

...


HowTo #3 – Monitor EPS (EN)

Hello, in this article we will discover how to monitor the EPS (Events Per Second) of your QRadar infrastructure in a cool way. Indeed, if you want a healthy QRadar, you need to monitor and have a good understanding of EPS variations. In fact, log peaks can cause instabilities of your QRadar and of collection in general. From a more cybersecurity-oriented point of view, those peaks can be a sign of malicious activity from third parties.

You will discover how to get a monitoring dashboard and how to use it. After that, you will be able to customize the dashboard to adapt it to your environment and its specificities.

You can retrieve the dashboard from my GitHub repository here: https://raw.githubusercontent.com/staze0/QRadar/main/Pulse%20Dashboard/EPS%20Monitoring.json. Do not hesitate to leave a ⭐.

Note: You have to install the Pulse application to import this dashboard.

...


HowTo #2 : Catch webhooks in QRadar (EN)

Hello everyone, today we are going to see how to collect in QRadar data sent by external applications over the HTTP protocol. Indeed, many applications offer this feature, and it is often interesting, in terms of security and of supervision in general, to collect this type of information.

For this article, we are going to use the BookStack web application as an example, but we could test with any application we want, or even with an application we developed ourselves!

...


HowTo #1 : Manipulation of Windows log files (EN)

Hello everyone, here we are: the first article in a series where I will present small tips to save time every day on cybersecurity subjects. Today, we will see how to easily manipulate Windows logs with PowerShell.

If you have already used Event Viewer on Windows, you may have noticed several limitations. First, Event Viewer can be very slow when you try to open big files with a lot of events. Second, you cannot properly do advanced filtering such as regex.

So, that is why I have decided to try out PowerShell, which includes cmdlets specifically for Windows log files. Furthermore, one of the positive points of using PowerShell is automation and scripting.

...