4

Integrating Logs and Flows in QRadar

When an application is developed, logging is usually built into it at the same time. Logs are used to debug the application during development and, later, to troubleshoot it and support its users. Each application can produce several kinds of logs. Some of them carry security-relevant information, such as identity and access management events, buffer overflow messages, and file tampering notices. All such logs play an important role in understanding an organization's security risk.

Consider a scenario where a hacker gains access to a system: the first thing the hacker does is delete or purge the log entries that would reveal their unauthorized access to the system. This way, the ...
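One defensive consequence of this scenario is that logs are only trustworthy if they leave the host before an intruder can edit them, and the collector can then notice when something is missing. The following is an added illustration, not code from the book or from QRadar: it assumes a log forwarder stamps every line with a per-host counter in the form `seq=<n>` (a hypothetical format, constructed here), and it reports any break in that counter, which is what deleted or truncated entries look like from the collector's side.

```python
import re
from dataclasses import dataclass

# Constructed sample lines. The "seq=<n>" field is an assumed per-host
# counter added by a forwarder; host1 jumps from 102 to 108, so the
# entries 103..107 never reached the collector.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z host1 seq=100 sshd: Accepted publickey for alice",
    "2024-05-01T10:00:05Z host1 seq=101 sudo: alice : COMMAND=/bin/ls",
    "2024-05-01T10:00:09Z host1 seq=102 sudo: alice : COMMAND=/usr/bin/vi /etc/hosts",
    "2024-05-01T10:03:30Z host1 seq=108 sshd: Accepted publickey for bob",
    "2024-05-01T10:00:02Z host2 seq=7 cron: job started",
    "2024-05-01T10:00:03Z host2 seq=8 cron: job finished",
]

# Timestamp, host, sequence counter, free-text message.
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) seq=(?P<seq>\d+) (?P<msg>.*)$")


@dataclass
class Gap:
    """A break in a host's sequence counter: entries expected..seen-1 are missing."""
    host: str
    expected: int   # the counter value the collector expected next
    seen: int       # the counter value that actually arrived
    at: str         # timestamp of the line that exposed the gap


def find_sequence_gaps(lines):
    """Return one Gap per break in the per-host counter, in arrival order."""
    last_seen = {}
    gaps = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # lines without a counter cannot be checked this way
        host, seq, ts = m["host"], int(m["seq"]), m["ts"]
        prev = last_seen.get(host)
        if prev is not None and seq != prev + 1:
            gaps.append(Gap(host, prev + 1, seq, ts))
        last_seen[host] = seq
    return gaps


if __name__ == "__main__":
    for gap in find_sequence_gaps(SAMPLE_LOGS):
        print(f"{gap.host}: missing seq {gap.expected}..{gap.seen - 1} (noticed at {gap.at})")
```

Run against the constructed sample, the function reports a single gap for host1 covering sequence numbers 103 through 107. A counter like this is deliberately simple: it cannot say what was removed, only that something was, which is enough to raise an offense for an analyst to investigate and is the kind of check a SIEM can apply to every source it ingests.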
