Monday, 29 February 2016

HOW TO CREATE IBM QRADAR SIEM RULE AND RULE GROUP

How to create a SIEM rule group

1. Go to the Offenses tab --> Rules in the left pane --> Groups at the top of the right pane.

2. This opens the rule group wizard. Click New Group at the top.


3. Add a group name and description and click OK.



How to create a SIEM rule

SIEM rule to identify log sources not sending events for a specific time.

1. Open the Offenses tab --> Rules in the left pane --> Display --> Rules.


2. Click Actions --> New Event Rule, or whichever rule type you want to create.


3. This opens a wizard. Click Next.


4. Choose Events, Flows, Events and Flows, or Offenses, depending on what you want the rule to test. I selected Events and clicked Next.


5. Select the Test Group that suits your requirements. I selected Log Source Tests and added the last option by clicking the + sign at the left.


6. Add the log sources you want to test and enter the time to test, in seconds. Select the group in which you want to place this rule and click Next.


7. Select the action to be performed for this rule. I selected Email to send an email for this rule.

8. Click Finish to complete the rule.


This creates a rule that checks whether the selected log sources have not sent an event for the specified amount of time.
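The check this rule performs, sketched in Python as an added example (it is not QRadar code and not part of the original post). The log source names, the sample events and the 3600-second threshold are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone


def silent_log_sources(events, monitored, threshold_seconds, now):
    """Return {log_source: seconds_silent} for every monitored source whose
    most recent event is older than threshold_seconds.

    A monitored source with no events at all maps to None: it has never been
    seen, which is the case a simple "last event time" report would miss.
    """
    last_seen = {}
    for timestamp, source in events:
        if source not in monitored:
            continue  # only the log sources selected for the rule are tested
        if source not in last_seen or timestamp > last_seen[source]:
            last_seen[source] = timestamp

    silent = {}
    for source in monitored:
        seen = last_seen.get(source)
        if seen is None:
            silent[source] = None
            continue
        gap = (now - seen).total_seconds()
        if gap > threshold_seconds:
            silent[source] = int(gap)
    return silent


# Constructed sample data: (event time, log source name)
NOW = datetime(2016, 2, 29, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_EVENTS = [
    (NOW - timedelta(seconds=7200), "dc-01"),
    (NOW - timedelta(seconds=4000), "dc-01"),       # last dc-01 event
    (NOW - timedelta(seconds=30), "fw-edge-01"),    # still reporting
    (NOW - timedelta(seconds=10), "printer-01"),    # not monitored
]
MONITORED = {"dc-01", "fw-edge-01", "proxy-01"}     # proxy-01 never reported

if __name__ == "__main__":
    result = silent_log_sources(SAMPLE_EVENTS, MONITORED, 3600, NOW)
    for source, gap in sorted(result.items()):
        detail = "no events received" if gap is None else f"silent for {gap} s"
        print(f"ALERT {source}: {detail}")
```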

SIEM use case for log sources not sending events for a specific time.
