New pages

15:14, 19 March 2025 ‎IBM QRadar: AQL Queries (hist | edit) ‎[2,394 bytes] ‎Ebasso (talk | contribs) (Created page with "The query below calculates the total uncompressed payload size stored on disk for each log source type in the last hour. SELECT LOGSOURCETYPENAME(deviceType) AS LogSource, MIN(STRLEN(UTF8(payload))) AS Minimum, MAX(STRLEN(UTF8(payload))) AS Maximum, AVG(STRLEN(UTF8(payload))) AS AverageSize, STDEV(STRLEN(UTF8(payload))) AS STD, COUNT(logsourceid) AS EventCount, LONG(EventCount * AverageSize) / (1024 * 1024) as TotalSizeUncompressedMB FROM events GROUP B...")
14:54, 19 March 2025 ‎IBM Sterling Connect:Direct: Trocando a chave TLS do C:D (hist | edit) ‎[3,087 bytes] ‎Ebasso (talk | contribs) (Created page with "= Trocando a chave SSL do Connect:Direct = Vamos criar uma chave 2024/2025 como exemplo: keytool -genkeypair -alias cdnode01_24_25 -keyalg RSA -keysize 2048 -validity 10 -keystore cdkeystore.p12 -storetype PKCS12 \ -sigalg SHA384withRSA -dname "CN=cdnode01.ebasso.net, O=EbassoNet, ST=Goias, C=BR" Enter keystore password: Re-enter new password: Generating 2,048 bit RSA key pair and self-signed certificate (SHA384withRSA) with a validity of 10 days for: CN=cdn...")
21:28, 31 January 2025 ‎IBM QRadar: Recreate a set of daily backup files containing only data from the past month (hist | edit) ‎[1,645 bytes] ‎Ebasso (talk | contribs) (Created page with " == Problem == User wants to recreate a set of daily backup files containing only data from the past month. The backup tool does not seem to offer this option directly, and the user considered manually compressing files in the Ariel directory. However, this approach proved to be slow. == Solution == It was suggested to use the script /opt/qradar/support/manual_data_backup.sh to perform the backup more efficiently. '''Another point''': The user tested the script i...")
18:53, 31 January 2025 ‎IBM QRadar: Ofensas (hist | edit) ‎[405 bytes] ‎Ebasso (talk | contribs) (Created page with " * [https://www.ibm.com/docs/en/qsip/7.5?topic=siem-offense-management Gerenciamento de Ofensas] * [https://community.ibm.com/community/user/security/blogs/ashish-kothekar/2021/07/07/how-qradar-offense-renaming-works How QRadar Offense Renaming works] = Ver também = * Artigos sobre IBM QRadar * Mais Artigos sobre Cloud / WebDev / Tecnologias Category:IBM QRadar")
18:50, 31 January 2025 ‎IBM QRadar: Ariel Query Language (AQL) (hist | edit) ‎[688 bytes] ‎Ebasso (talk | contribs) (Created page with "= Ariel Query Language (AQL) = * [https://www.ibm.com/docs/en/qradar-on-cloud?topic=aql-query-structure AQL Query structure] : Use Ariel Query Language (AQL) to extract, filter, and perform actions on event and flow data * [https://www.ibm.com/docs/en/qradar-on-cloud?topic=aql-ariel-query-language Ariel Query Language] : Funções para transformação, agregação da AQL = Ver também = * Artigos sobre IBM QRadar * Tecnologias| Mais Artigos sobre...")
10:27, 23 January 2025 ‎IBM QRadar: Backup de configurações e dados do QRadar (hist | edit) ‎[645 bytes] ‎Ebasso (talk | contribs) (Created page with "* [https://www.ibm.com/docs/en/SS42VS_7.5/com.ibm.qradar.doc/t_qradar_adm_conf_shed_nt_bkup.html Configurando a execução dos Backups] * [https://www.ibm.com/docs/en/SS42VS_7.5/com.ibm.qradar.doc/t_qradar_adm_creat_on_dmd_conf_bkup_arch.html Creating an on-demand configuration backup archive] * [https://www.ibm.com/docs/en/SS42VS_7.5/com.ibm.qradar.doc/t_qradar_adm_backup_fail_email.html Configurando emails de notificação em caso de falha no Backup] = Ver também =...")
10:19, 23 January 2025 ‎IBM QRadar: Envio de Email (hist | edit) ‎[1,633 bytes] ‎Ebasso (talk | contribs) (Created page with "Procedimento para configurar o IBM QRadar pra Envio de Emails = Procedimento = ==Configurar o Email Server Management== No Console, vá em '''Admin > Email Server Management''' Clique nos (três pontos) para editar a configuração default. Preencha os campos obrigatórios: * '''Hostname''': Nome do servidor SMTP. * '''Port''': Porta utilizada pelo SMTP (default 25) * '''Description''': Descrição da conexão. * '''Username''': usuário para conexão. * '''Passwor...") originally created as "IBM QRadar: Configuração pra Envio de Email"
10:09, 23 January 2025 ‎IBM QRadar: Importação em Redes em Lote via REST API (hist | edit) ‎[2,986 bytes] ‎Ebasso (talk | contribs) (Created page with "'''<big>Importante: Ao adicionar novas redes é necessário fazer o backup da configuração atual, pois ao executar a REST API, ela vai SUBSTITUIR a configuração atual.</big>''' =Procedimento= ==Criar uma Chave de Acesso== No Console, vá em '''Admin > Authorized Services''' Clique em '''Add'''. Preencha os campos obrigatórios: '''Authorized Service Label''': identificação. '''Tenant''': Informe N/A '''Security Profile''': Informe Admin. '''User Role''': I...")
18:46, 19 January 2025 ‎IBM QRadar: Rules (hist | edit) ‎[3,185 bytes] ‎Ebasso (talk | contribs) (Created page with "Uma Rule (regra) é um grupo de testes que podem desencadear uma ação se condições específicas forem atendidas. = Artigos = * [https://community.ibm.com/community/user/security/blogs/gladys-koskas1/2022/09/29/everything-you-need-to-know-about-qradar-rules Everything you need to know about QRadar Rules (for beginners and experts)] * [https://github.com/SigmaHQ/sigma (Github) Sigma - Generic Signature Format for SIEM Systems] = Exemplos = {| class="wikitable" |...")
14:45, 19 January 2025 ‎IBM QRadar: Device Support Module (DSM) (hist | edit) ‎[687 bytes] ‎Ebasso (talk | contribs) (Created page with "* [https://github.com/IBM/IBM-QRadar-Universal-Cloud-REST-API/tree/master/Community%20Developed DSM GitHub Community Developed] = Ver também = * Artigos sobre IBM QRadar * Artigos sobre Cloud * Mais Artigos sobre Cloud / WebDev / Tecnologias Category:IBM QRadar")
14:11, 14 January 2025 ‎IBM QRadar: Use Case Manager app (hist | edit) ‎[1,059 bytes] ‎Ebasso (talk | contribs) (Created page with " * [https://www.ibm.com/docs/en/qradar-common?topic=apps-qradar-use-case-manager-app QRadar Use Case Manager app] == Rules== * when the event matches '''this''' AQL filter query : cria Rule que é disparado através do resultado de um query AQL = Ver também = * Artigos sobre Cloud * Mais Artigos sobre Cloud / WebDev / Tecnologias Category:IBM QRadar")
10:13, 13 January 2025 ‎IBM QRadar: Principais Comandos e Arquivos (hist | edit) ‎[2,879 bytes] ‎Ebasso (talk | contribs) (Created page with "= Principais arquivos = A instalação padrão fica no diretório: /opt/qradar/ |- bin/ | |- qchange_netsetup -> Realiza a troca de IP, DNS, ... | |- msgfile.cfg | |- <NODE_NAME> | | | |- [https://..... initparm.cfg] -> variáveis de inicialização | | | |- netmap.cfg -> = Ver também = * Artigos sobre IBM QRadar * Mais Artigos sobre Cloud / WebDev / Tecnologias Category:IBM QRadar") originally created as "IBM QRadar : Principais Comandos e Arquivos"
02:02, 10 January 2025 ‎IBM QRadar (hist | edit) ‎[4,656 bytes] ‎Ebasso (talk | contribs) (Created page with " == Referencias == * [https://www.ibm.com/docs/pt-br/qsip/7.5?topic=deployment-qradar-architecture-overview Visão geral da arquitetura do QRadar] :: Ao planejar ou criar sua implementação do IBM QRadar , é útil ter um bom conhecimento da arquitetura do QRadar para avaliar como os componentes do QRadar podem funcionar em sua rede e, em seguida, planejar e criar sua implementação do QRadar . * [https://www.ibm.com/docs/en/dsm?topic=configuration-qradar-supported-d...")