All public logs
Combined display of all available logs of Wiki. You can narrow down the view by selecting a log type, the username (case-sensitive), or the affected page (also case-sensitive).
- 17:26, 16 June 2025 Ebasso talk contribs created page IBM QRadar SOAR: Working with Incident Properties with Playbooks (Created page with "Simple playbook to close an Incident == Configuring the Playbook == 372x600px In your playbook: 1) add or edit the '''Define Properties''' script. Provide the following code: <nowiki> x_var= {} x_var['value'] = 'Blablabla' my_vars = { "id": 4, "default_inc_type": "Phishing", "username": "John Connor" } playbook.addProperty('x_var', x_var) playbook.addProperty('my_vars', my_vars) </nowiki> 1) add or edit the '''Define Propertie...")
- 17:23, 16 June 2025 Ebasso talk contribs created page File:Playbook-properties.PNG
- 17:23, 16 June 2025 Ebasso talk contribs uploaded File:Playbook-properties.PNG
- 12:29, 12 June 2025 Ebasso talk contribs uploaded a new version of File:Task-utils-close-incident-03.PNG
- 12:28, 12 June 2025 Ebasso talk contribs deleted page File:Task-utils-close-incident-02.PNG (Deleted old revision 20250612122830!Task-utils-close-incident-02.PNG)
- 12:28, 12 June 2025 Ebasso talk contribs uploaded a new version of File:Task-utils-close-incident-02.PNG
- 12:21, 12 June 2025 Ebasso talk contribs created page IBM QRadar SOAR: Handling Asynchronous Playbooks in Incident Playbook in IBM QRadar SOAR (Created page with "In IBM QRadar SOAR (Security Orchestration, Automation and Response), **Incident Playbooks** are essential tools for automating the lifecycle of an incident. While many playbooks run in a linear, synchronous fashion, some real-world response scenarios require **asynchronous playbook behavior** — where the execution pauses and resumes based on external input, time delays, or manual actions. == What Are Asynchronous Playbooks in Incident Playbooks? == An asynchronous...")
- 11:58, 12 June 2025 Ebasso talk contribs created page File:Task-utils-close-incident-03.PNG
- 11:58, 12 June 2025 Ebasso talk contribs uploaded File:Task-utils-close-incident-03.PNG
- 11:57, 12 June 2025 Ebasso talk contribs created page File:Task-utils-close-incident-02.PNG
- 11:57, 12 June 2025 Ebasso talk contribs uploaded File:Task-utils-close-incident-02.PNG
- 11:57, 12 June 2025 Ebasso talk contribs created page File:Task-utils-close-incident-01.PNG
- 11:57, 12 June 2025 Ebasso talk contribs uploaded File:Task-utils-close-incident-01.PNG
- 11:36, 12 June 2025 Ebasso talk contribs created page IBM QRadar SOAR: Handling Incident Tasks with Playbooks (Created page with "IBM QRadar SOAR allows automated email sending through the '''fn_task_utils''' app. This app allows you to interact with SOAR Artifacts for use with other automations. More details here: [https://ibmresilient.github.io/resilient-community-apps/fn_task_utils/README.html Task Utilities] == Prerequisites == * IBM QRadar SOAR configured. * '''fn_task_utils''' app installed. == Configuring the Playbook == In your playbook: 1) add or edit the '''Artifact Utils: Se...")
- 18:42, 11 June 2025 Ebasso talk contribs created page IBM QRadar SOAR: Closing Incident with Playbooks (Created page with "Simple playbook to close an Incident == Configuring the Playbook == 346x599px In your playbook: 1) add or edit the '''Get Artifacts''' script. Provide the following code: <nowiki> incident.resolution_id = "Resolved" if incident.confirmed: incident.resolution_summary = "Incident was closed with CONFIRMED." else: incident.resolution_summary = "Incident was closed with Unconfirmed." incident.plan_status = "C" incident.addNote("...")
- 18:40, 11 June 2025 Ebasso talk contribs created page File:Soar-close-incident.PNG
- 18:40, 11 June 2025 Ebasso talk contribs uploaded File:Soar-close-incident.PNG
- 17:50, 11 June 2025 Ebasso talk contribs created page File:Artifacts-utils-02.PNG
- 17:50, 11 June 2025 Ebasso talk contribs uploaded File:Artifacts-utils-02.PNG
- 17:50, 11 June 2025 Ebasso talk contribs created page File:Artifacts-utils-01.PNG
- 17:50, 11 June 2025 Ebasso talk contribs uploaded File:Artifacts-utils-01.PNG
- 17:48, 11 June 2025 Ebasso talk contribs created page IBM QRadar SOAR: Handling Incident Artifacts with Playbooks (Created page with "IBM QRadar SOAR allows automated email sending through the '''fn_task_utils''' app. This app allows you to interact with SOAR Artifacts for use with other automations. More details here: [https://ibmresilient.github.io/resilient-community-apps/fn_task_utils/README.html Task Utilities] The code is provided in my GitHub [https://github.com/ebasso/ibm-qradar-samples/ IBM QRadar Samples] == Prerequisites == * IBM QRadar SOAR configured. * '''fn_task_utils''' app inst...")
- 11:39, 30 May 2025 Ebasso talk contribs created page IBM QRadar SOAR: Send Emails in SOAR Using the fn outbound email App inline template (Created page with "= How to Send Emails in IBM QRadar SOAR Using the <code>fn_outbound_email</code> App = IBM QRadar SOAR allows automated email sending through the '''fn_outbound_email''' app. This guide explains how to configure and use this functionality within playbooks, utilizing custom templates for email content. More details here: [https://ibmresilient.github.io/resilient-community-apps/fn_outbound_email/README.html IBM Resilient Community Apps - fn_outbound_email] The code is...")
- 11:29, 30 May 2025 Ebasso talk contribs created page IBM QRadar SOAR: Send Emails in SOAR Using the fn outbound email App (Created page with "= How to Send Emails in IBM QRadar SOAR Using the <code>fn_outbound_email</code> App = IBM QRadar SOAR allows automated email sending through the '''fn_outbound_email''' app. This guide explains how to configure and use this functionality within playbooks, utilizing custom templates for email content. More details here: [https://ibmresilient.github.io/resilient-community-apps/fn_outbound_email/README.html IBM Resilient Community Apps - fn_outbound_email] == Prerequisi...")
- 00:45, 15 May 2025 Ebasso talk contribs deleted page IBM Maximo: Montando um Ambiente de desenvolvimento BIRT em uma Virtual Machine (suporte ao MacOS M1, Qemu, Ubuntu 16) (not finished)
- 00:43, 15 May 2025 Ebasso talk contribs moved page IBM Maximo: Criando as filas JMS Queues via linha de comando para o Maximo to IBM Maximo: Criando as filas JMS Queues via linha de comando para o Maximo EAM
- 00:43, 15 May 2025 Ebasso talk contribs moved page IBM Maximo: Criando as filas JMS Queues manualmente para o Maximo to IBM Maximo: Criando as filas JMS Queues manualmente para o Maximo EAM
- 00:42, 15 May 2025 Ebasso talk contribs moved page IBM Maximo: Running Maximo as Container to IBM Maximo: Running Maximo EAM as Container
- 00:41, 15 May 2025 Ebasso talk contribs moved page IBM Maximo: Instalação do Maximo Manage no Linux via Linha de Comando to IBM Maximo: Instalação do Maximo EAM no Linux via Linha de Comando
- 00:41, 15 May 2025 Ebasso talk contribs moved page IBM Maximo: Verificando pré-requisitos de instalação e upgrade to IBM Maximo: Verificando pré-requisitos de instalação e upgrade do Maximo EAM
- 00:40, 15 May 2025 Ebasso talk contribs moved page IBM Maximo: Instalação do Maximo no Linux via Linha de Comando to IBM Maximo: Instalação do Maximo Manage no Linux via Linha de Comando
- 00:36, 15 May 2025 Ebasso talk contribs created page IBM Maximo: Opções do MAS CLI (Created page with " If you want other installation options, see below: = MAS Core = mas install --mas-catalog-version v9-250501-amd64 --ibm-entitlement-key $IBM_ENTITLEMENT_KEY \ --mas-channel 9.0.x --mas-instance-id inst1 --mas-workspace-id ws01 --mas-workspace-name "MAS Workspace 01" \ --non-prod \ --storage-class-rwo "ocs-storagecluster-ceph-rbd" --storage-class-rwx "ocs-storagecluster-cephfs" \ --storage-pipeline "ocs-storagecluster-cephfs" --storage-accessmode "...")
- 19:54, 14 May 2025 Ebasso talk contribs created page IBM Sterling B2B: Useful Database Queries for Monitoring and Statistics (Created page with "This page documents commonly used SQL queries for gathering communication and processing statistics from IBM Sterling databases (Oracle, DB2, and MS SQL Server). == (Oracle) List Largest Tables and Update Statistics == Checking the largest tables and updating table statistics. select table_name, round((num_rows*avg_row_len)/1048576) tbsize, num_rows, last_analyzed from all_tables where owner='XXXXXXX' and num_rows>0 order by num_rows desc == 1. Communication Ses...")
- 13:35, 22 April 2025 Ebasso talk contribs created page IBM QRadar: Monitorando um arquivo de log e enviando via syslog (Created page with " = Configuring the Filter in rsyslog = == 1. Create the Configuration File == Edit or create a new file in the rsyslog configuration directory: sudo vi /etc/rsyslog.d/meu_app_logs.conf == 2. Add Configuration with Tag Filter == Insert the following content into the created file: module(load="imfile") # Ensures the module is loaded # Monitor the log file input(type="imfile" File="/caminho/para/seu/logfile.log" Tag=...")
- 01:44, 17 April 2025 Ebasso talk contribs created page IBM QRadar SOAR: Configuring SMTP settings (Created page with " 1) Connect to CLI, using '''resadmin''' user 2) Run command <small>sudo resutil smtpedit –email [email protected] -name ”Resilient System” -host centos9.company.com -port 25 –nostarttls</small> = See also = * Articles about IBM QRadar * Articles about Cloud * More Articles about Cloud / WebDev / Technologies Category:IBM QRadar Category:IBM QRadar SOAR")
- 01:03, 17 April 2025 Ebasso talk contribs created page IBM QRadar SOAR: Create Users using command line (Created page with " 1) Connect to CLI, using '''resadmin''' user 2) Run command sudo resutil newuser -email "[email protected]" -first Harry -last Potter -role "Incident Creator" -org "Hogwarts" = See also = * Articles about IBM QRadar * Articles about Cloud * More Articles about Cloud / WebDev / Technologies Category:IBM QRadar Category:IBM QRadar SOAR")
- 23:17, 15 April 2025 Ebasso talk contribs created page IBM QRadar: Unlocking locked hosts (Created page with "1) Using SSH, log in to your system as the root user 2) Unlock specific hosts by typing the following command <small>/opt/qradar/bin/runjava.sh com.ibm.si.security_model.authentication.AuthenticationLockoutCommandLineTool --remove-ip <host_IP_address1></small> 3) Unlock all hosts by typing the following command <small>/opt/qradar/bin/runjava.sh com.ibm.si.security_model.authentication.AuthenticationLockoutCommandLineTool --remove-all-ips</small> = See also =...")
- 23:13, 15 April 2025 Ebasso talk contribs created page IBM QRadar SOAR: Reset password from Administrator of Web Console (Created page with " 1) Connect to CLI, using '''resadmin''' user 2) Run command sudo resutil resetuser -email [email protected] -setpassword = See also = * Articles about IBM QRadar * Articles about Cloud * More Articles about Cloud / WebDev / Technologies Category:IBM QRadar Category:IBM QRadar SOAR")
- 19:46, 8 April 2025 Ebasso talk contribs created page RedHat Openshift: Configurando o Bastion Host (Created page with "The Bastion is a machine that is not part of OpenShift and is used to run the cluster installation and maintenance commands. Configuration: {| class="wikitable" |+ Bastion VM Configuration ! Setting !! Value |- | OS || Linux RHEL 9.4 |- | Architecture || x86-64 |- | Hostname || bastion-01.ebasso.local |- | IP || 192.168.252.2 |- | Memory || 04 GB |- | CPU || 02 Vcpus |- | Disk /home || 265GB |} Create the directories below to store the...")
- 15:14, 19 March 2025 Ebasso talk contribs created page IBM QRadar: AQL Queries (Created page with "The query below calculates the total uncompressed payload size stored on disk for each log source type in the last hour. SELECT LOGSOURCETYPENAME(deviceType) AS LogSource, MIN(STRLEN(UTF8(payload))) AS Minimum, MAX(STRLEN(UTF8(payload))) AS Maximum, AVG(STRLEN(UTF8(payload))) AS AverageSize, STDEV(STRLEN(UTF8(payload))) AS STD, COUNT(logsourceid) AS EventCount, LONG(EventCount * AverageSize) / (1024 * 1024) as TotalSizeUncompressedMB FROM events GROUP B...")
- 14:54, 19 March 2025 Ebasso talk contribs created page IBM Sterling Connect:Direct: Trocando a chave TLS do C:D (Created page with "= Replacing the Connect:Direct SSL key = Let's create a 2024/2025 key as an example: keytool -genkeypair -alias cdnode01_24_25 -keyalg RSA -keysize 2048 -validity 10 -keystore cdkeystore.p12 -storetype PKCS12 \ -sigalg SHA384withRSA -dname "CN=cdnode01.ebasso.net, O=EbassoNet, ST=Goias, C=BR" Enter keystore password: Re-enter new password: Generating 2,048 bit RSA key pair and self-signed certificate (SHA384withRSA) with a validity of 10 days for: CN=cdn...")
- 21:28, 31 January 2025 Ebasso talk contribs created page IBM QRadar: Recreate a set of daily backup files containing only data from the past month (Created page with " == Problem == User wants to recreate a set of daily backup files containing only data from the past month. The backup tool does not seem to offer this option directly, and the user considered manually compressing files in the Ariel directory. However, this approach proved to be slow. == Solution == It was suggested to use the script /opt/qradar/support/manual_data_backup.sh to perform the backup more efficiently. '''Another point''': The user tested the script i...")
- 18:54, 31 January 2025 Ebasso talk contribs moved page IBM QRadar: Configuração pra Envio de Email to IBM QRadar: Envio de Email without leaving a redirect
- 18:53, 31 January 2025 Ebasso talk contribs created page IBM QRadar: Ofensas (Created page with " * [https://www.ibm.com/docs/en/qsip/7.5?topic=siem-offense-management Offense Management] * [https://community.ibm.com/community/user/security/blogs/ashish-kothekar/2021/07/07/how-qradar-offense-renaming-works How QRadar Offense Renaming works] = See also = * Articles about IBM QRadar * More Articles about Cloud / WebDev / Technologies Category:IBM QRadar")
- 18:50, 31 January 2025 Ebasso talk contribs created page IBM QRadar: Ariel Query Language (AQL) (Created page with "= Ariel Query Language (AQL) = * [https://www.ibm.com/docs/en/qradar-on-cloud?topic=aql-query-structure AQL Query structure] : Use Ariel Query Language (AQL) to extract, filter, and perform actions on event and flow data * [https://www.ibm.com/docs/en/qradar-on-cloud?topic=aql-ariel-query-language Ariel Query Language] : AQL functions for transformation and aggregation = See also = * Articles about IBM QRadar * Tecnologias| More Articles about...")
- 10:28, 23 January 2025 Ebasso talk contribs moved page IBM QRadar : Principais Comandos e Arquivos to IBM QRadar: Principais Comandos e Arquivos without leaving a redirect
- 10:27, 23 January 2025 Ebasso talk contribs created page IBM QRadar: Backup de configurações e dados do QRadar (Created page with "* [https://www.ibm.com/docs/en/SS42VS_7.5/com.ibm.qradar.doc/t_qradar_adm_conf_shed_nt_bkup.html Configuring backup execution] * [https://www.ibm.com/docs/en/SS42VS_7.5/com.ibm.qradar.doc/t_qradar_adm_creat_on_dmd_conf_bkup_arch.html Creating an on-demand configuration backup archive] * [https://www.ibm.com/docs/en/SS42VS_7.5/com.ibm.qradar.doc/t_qradar_adm_backup_fail_email.html Configuring notification emails in case of Backup failure] = See also =...")
- 10:19, 23 January 2025 Ebasso talk contribs created page IBM QRadar: Configuração pra Envio de Email (Created page with "Procedure to configure IBM QRadar for sending emails = Procedure = ==Configure Email Server Management== In the Console, go to '''Admin > Email Server Management''' Click the (three dots) to edit the default configuration. Fill in the required fields: * '''Hostname''': Name of the SMTP server. * '''Port''': Port used by SMTP (default 25) * '''Description''': Description of the connection. * '''Username''': user for the connection. * '''Passwor...")
- 10:09, 23 January 2025 Ebasso talk contribs created page IBM QRadar: Importação em Redes em Lote via REST API (Created page with "'''<big>Important: When adding new networks you must back up the current configuration, because running the REST API will REPLACE the current configuration.</big>''' =Procedure= ==Create an Access Key== In the Console, go to '''Admin > Authorized Services''' Click '''Add'''. Fill in the required fields: '''Authorized Service Label''': identification. '''Tenant''': Enter N/A '''Security Profile''': Enter Admin. '''User Role''': I...")
- 18:46, 19 January 2025 Ebasso talk contribs created page IBM QRadar: Rules (Created page with "A Rule is a group of tests that can trigger an action if specific conditions are met. = Articles = * [https://community.ibm.com/community/user/security/blogs/gladys-koskas1/2022/09/29/everything-you-need-to-know-about-qradar-rules Everything you need to know about QRadar Rules (for beginners and experts)] * [https://github.com/SigmaHQ/sigma (Github) Sigma - Generic Signature Format for SIEM Systems] = Examples = {| class="wikitable" |...")