QRadar: AQL Tutorial Part 1. Documentation and basic syntax.
Special Thanks to Mutaz Alsallal (IBM Poland) for the material shown here.
Here are some of the AQL commands so you can copy/paste:
select * from events START '2016-06-07 10:29:00' STOP '2016-06-07 13:53:00'
SELECT * FROM events WHERE magnitude BETWEEN 1 AND 5
SELECT * FROM events WHERE sourceip = '192.168.60.56' and destinationip != '64.4.44.76' START '2016-06-07 10:29:00' STOP '2016-06-07 13:53:00'
select * from events where not INCIDR('9.128.28.0/24',sourceip)
SELECT qidname(qid), * FROM events WHERE qidname(qid) ILIKE '%logon%' START '2016-06-07 10:29:00' STOP '2016-06-07 13:53:00'
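As an added example (not from the video or its description), the clauses above combined into one hunting query: logon-named events whose source is outside 9.128.28.0/24, counted per source address, user and event name inside the same START/STOP window, busiest source first. The fields and functions are the ones used above; username, COUNT(*), GROUP BY, ORDER BY and LIMIT are standard AQL and are assumed here rather than taken from the page.

```sql
SELECT
    sourceip,
    username,
    qidname(qid) AS event_name,
    COUNT(*) AS hits
FROM events
WHERE qidname(qid) ILIKE '%logon%'
  AND NOT INCIDR('9.128.28.0/24', sourceip)
  AND magnitude BETWEEN 1 AND 5
GROUP BY sourceip, username, qid
ORDER BY hits DESC
LIMIT 20
START '2016-06-07 10:29:00' STOP '2016-06-07 13:53:00'
```

Grouping on qid rather than on qidname(qid) keeps the aggregation on the numeric key while the alias shows the readable name; widen the magnitude range or drop it if low-severity logons are the ones of interest.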
Video: QRadar: AQL Tutorial Part 1. Documentation and basic syntax. From the Jose Bravo channel.