Categories
General Uncategorized

Generating and receiving events with QRadar

QRadar is capable of receiving and parsing events from a variety of third-party security products. The full list of supported devices is available in the documentation, and the set of supported formats and devices grows frequently. Receiving events with QRadar: QRadar can pick up events in “auto-detected” mode from supported appliances, which lets you see events immediately […]

Categories
Architecture

Changes in Traffic Analysis in 7.3.1

Among the new features introduced in version 7.3.1, one of the most important is a change in Traffic Analysis. Reasons for the change: Many users have had issues with incorrectly auto-detected log sources. In some extreme cases, incorrectly detected devices can have a major performance impact, leading to degradation of ecs-ec. The solution to this problem […]

Categories
UseCase

Performance degradation in QRadar on ecs-ec

Performance degradation in QRadar occurs on two main services, ecs-ec and ecs-ep. Depending on which service is affected (sometimes both are affected at the same time), the cause and the solution differ. In this article we will discuss only the problem on ecs-ec. EC stands for event collector, and you […]