Skip to main content
Question

Edge with QRadar

  • March 11, 2025
  • 2 replies
  • 28 views
D

Wondering if anyone has experience with using Edge to collect Windows host logs and sending them to IBM QRadar. Would appreciate any lessons learned or LSX XML created to account for the format differences.

    2 replies

    B

    Hi @Dan Fisk, have you tried a pipeline to convert the events into the WinCollect or Snare syslog formats? This way you don't have to write too much custom parsing on the QRadar side.

    This might help you get started:

    https://github.com/bdalpe/cribl-rosetta-pack/blob/main/default/pipelines/edge_to_nxlog_json/conf.yml

    M

    This doc might contain helpful tips too: Managing Qradar Licenses

    Terms & ConditionsAccessibility statement