Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
177
Views
0
Helpful
2
Replies

Recommended logs that should be sent to IBM QRADAR SIEM from ESA

Vijay.Reddy
Level 1
Level 1

‎04-18-2024 06:52 PM

Any thoughts on recommended logs that should be sent to QRADAR SIEM ? 

 

what subscriptions should be configured ? 

Labels:
0 Helpful
2 Replies 2

Ken Stieers
VIP
VIP

‎04-18-2024 07:10 PM

I would create a Single Line Log subscription add everything and send that...

The go to the SEIM and write a parser for it.

0 Helpful

Paul Thomas Cyblue
Level 1
Level 1

‎04-19-2024 02:43 AM

What's your remit and what's your budget allowance
We log every log subscription ( unless its an unused feature ) and also collect data via SSH HTTPs connections
Ran out of budget on the LDAP logs - and really needed them the other day to analyse a strange stall in rewrite queries but not accept queries

Single Log Line is OK on a basic level - and should allow filtering out log lines from other subscriptions
Better off with a custom log consolidator + generate other metrics + log what you don't purposely filter out.

Depends on what you are analysing / detecting.

0 Helpful
Customers Also Viewed These Support Documents