The Log Activity tab in the IBM QRadar console displays real-time information about the data transferred from Data Connector to the console: 

Image: The Log Activity tab in the IBM QRadar console, which displays a table of security events.

When you click a log event, the console will display detailed information about it:

Image: Detailed information about a log event in the Log Activity section. The Event Information section shows the magnitude, relevance, severity, credibility, start time, storage time, and log source time. The Source and Destination Information section shows the source IP and port, the destination IP and port, IPv6 source and destination, and other details.

If the events are shown as Unknown in the QRadar SIEM server, then do the following:

...

2. Open the Admin tab, click Data Sources > Events, and click Log Sources.

Image: The Log Source page, which shows a list of active log sources defined by the license of the user. For a log source, the row in the table shows the name, description, status, protocol, group, type, and an indication of whether the log source is enabled.

3. Click Add. The Log Sources screen will open:

Image: The Log Sources screen, which contains the configuration fields for a log source.

4. Specify the following:

...

5. In the Admin tab of the console, click Deploy Changes:

Image: The Admin tab of IBM QRadar Security Intelligence, displaying the Deploy Changes panel.

6. Click Save.

For more information, refer to the IBM QRadar document.