The Log Activity tab in the IBM QRadar console displays real-time information about the data transferred from Data Connector to the console:
Image: The IBM QRadar Security Intelligence platform "Log Activity" tab, which displays a table of security events.
When you click a log event, the console will display detailed information about it:
...
The "Event Information" section includes:
The IBM QRadar Security Intelligence platform "Log Activity" tab, which displays a table of security events.
If the events are shown as Unknown in the QRadar SIEM server, then do the following:
...
2. Open the Admin tab, click Data Sources > Events, and click Log Sources.
Image: The web-based configuration panel for adding a log source within a security event management system
- The "Event Information" section includes:
3. Click Add. The Log Sources screen will open:
Image: The configuration interface for adding a log source in a security information.
4. Specify the following:
...
5. In the Admin tab of the console, click Deploy Changes:
Image: The IBM QRadar Security Intelligence "Admin" tab displaying the Deploy Changes panel.
6. Click Save.
For more information, refer to the IBM QRadar document.