Edge with QRadar

Dan Fisk · May 2023

Wondering if anyone has experience with using Edge to collect Windows host logs and sending them to IBM QRadar. Would appreciate any lessons learned or LSX XML created to account for the format differences.

Brendan Dalpe · June 2023

Hi @Dan Fisk, have you tried a pipeline to convert the events into the WinCollect or Snare syslog formats? This way you don't have to write too much custom parsing on the QRadar side.

This might help you get started:

https://github.com/bdalpe/cribl-rosetta-pack/blob/main/default/pipelines/edge_to_nxlog_json/conf.yml

Maliha Balala · September 2023

This doc might contain helpful tips too: Managing Qradar Licenses

Edge with QRadar

Answers

Categories