Advanced Searches in QRadar. Part 1: Introduction

Показать описание

QRadar UI is very intuitive, but some times you need to do things that the UI does not offer you. The flexibility of doing sophisticated searches is now available in QRadar 7.2.3.
A file with the links to all my recent videos can be found here:
Qradar, Arcsight, RSA, Nitro, LogRhythm, "Allien Vault", "solar winds", splunk, "rule correlation", correlation, rule, troubleshooting, debugging, offense, mutaz, "network hierarchy", replay, "replay logs", "false positives", "case sensitivity", siem, "security intelligence", "multi test rules", "qradar rules"

Рекомендации по теме

Комментарии

Hi Josh, I want help from you. I want to make a report of system health using AQL in which columns are elements, hostname, metricID (DiskSpaceUsed) and ('DiskSpaceTotal).
Following is the Query, I have an issue in that query it return actual data but return 2 rows of same columns, group by not working, kindly help me please

SELECT "Hostname", element AS Partiton_Name, MAX(value/(1024*1024*1024)) AS 'DiskUsedInGB', max(value/(1024*1024*1024)) AS 'DiskTotalSpace'
FROM events
WHERE LOGSOURCENAME(logsourceid)
ILIKE '%%health%%' AND "Metric ID"='DiskSpaceUsed' OR "Metric ID"='DiskSpaceTotal' GROUP BY element, "Metric ID"
LAST 2 MINUTES

Let me know if have any question
Thanks

umerahmed

Advanced Searches in QRadar. Part 1: Introduction

Advanced Searches in QRadar. Part 1: Introduction

Advanced Searches in QRadar Part 4 Creating reports with application names and user names

QRadar CE -Advanced Searches

Advanced Searches in QRadar Part 2 Editing some searches

Advanced Searches in QRadar Part 5 Using sophisticated searches when investigating offenses

QRadar Searches in Six Minutes

Advanced Searches in QRadar Part 3 Detecting beaconing at irregular intervals

Searching in QRadar Part One: Ariel Searches

QRadar: Performing AQL searches Part 1

Searching in QRadar Part Two: Quick Filter

How to use advanced search on IBM Qradar

Searches in Qradar

IBM QRadar AQL for IR - Part 1

Qradar Filters and Searches

QRadar: How to use search filters

Two Random Tips for QRadar Searches

Logical OR in QRadar Searches

QRadar: Performing AQL searches Part 2

IBM QRadar AQL for IR - Part 2

QRadar Analyst Workflow: Visual Search Builder

Investigating Search Times in QRadar

QRadar CE - Very Basic Searches

Detecting Squatting with QRadar Searches

Show QRadar in 30 minutes, no power no point, Part 1