Versions Compared

Old Version 8

changes.mady.by.user Alex Mandel

Saved on

compared with

New Version Current

changes.mady.by.user Alex Mandel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The Log Activity tab in the IBM QRadar console displays real-time information about the data transferred from Data Connector to the console: 

The screenshot shows the Log Activity tab in the IBM QRadar console.
Image: The IBM QRadar Security Intelligence platform "Log Activity" tab, which displays a table of security events.

When you click a log event, the console will display detailed information about it:

...

The "Event Information" section includes:

The IBM QRadar Security Intelligence platform "Log Activity" tab, which displays a table of security events.

If the events are shown as Unknown in the QRadar SIEM server, then do the following:

...

2. Open the Admin tab, click Data Sources > Events, and click Log Sources.

The screenshot shows the Log Source page, which shows a list of active log sources defined by the license of the user. For a log source, the row in the table shows the name, description, status, protocol, group, type, and an indication of whether the log source is enabled.Image Modified
ImageThe web-based configuration panel for adding a log source within a security event management system

  • The "Event Information" section includes:

3. Click Add. The Log Sources screen will open:

The screenshot shows the Log Sources screen, which contains the configuration fields for a log source.
Image: The configuration interface for adding a log source in a security information.

4. Specify the following:

...

5. In the Admin tab of the console, click Deploy Changes:

The screenshot shows the Admin tab of the IB QRadar Security Intelligence.
Image: The IBM QRadar Security Intelligence "Admin" tab displaying the Deploy Changes panel. 

6. Click Save.

For more information, refer to the IBM QRadar document.