QRadar is capable of receiving and parsing events from a variety of third-party security products. The full list of supported devices is available in the documentation and the several formats and devices increases often. Receiving events with QRadar QRadar can pick up events in “auto-detected” mode from supported appliance, what let you see events immediately […]
Tag: Traffic Analysis
Categories
Changes in Traffic Analysis in 7.3.1
Among new features introduced in version 7.3.1, one of the most important would be a change in Traffic Analysis. Change reasons Many users have had issues with incorrectly auto detected log sources. In some extreme cases, incorrectly detected devices can have a major performance impact, which would lead to degradation on ecs-ec. The solution for this problem […]
Performance degradation occurs in QRadar on two main services ecs-ec and ecs-ep. Depends on service, which is affected (sometimes it can be on both at the same time), you need to understand different cause and different solution. In this article we will discuss only a problem on ecs-ec. EC stands for events collector and you […]