Wondering if anyone has experience with using Edge to collect Windows host logs and sending them to IBM QRadar. Would appreciate any lessons learned or LSX XML created to account for the format differences.
Hi @Dan Fisk, have you tried a pipeline to convert the events into the WinCollect or Snare syslog formats? This way you don't have to write too much custom parsing on the QRadar side.
This might help you get started:
https://github.com/bdalpe/cribl-rosetta-pack/blob/main/default/pipelines/edge_to_nxlog_json/conf.yml
This doc might contain helpful tips too: Managing Qradar Licenses
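An added example, not code from the thread, from the linked pack or from Cribl, of the Snare-style conversion the reply suggests. It is plain JavaScript so it can be adapted into a pipeline Code function. The input field names (host, channel, eventId, provider, level, keywords, user, task, message) are an assumption about how the collector lays out a Windows event as JSON; remap them to your own schema. The point it adds beyond the reply: tab is the Snare field delimiter and LF terminates the syslog record, so every field that carries attacker-influenced text has both stripped before the line is assembled, otherwise a crafted logon name can shift columns on the QRadar side.

```javascript
// Added example (not from the thread): convert a Windows Event Log record that a
// collector emitted as JSON into the tab-delimited Snare "MSWinEventLog" line,
// framed in an RFC 3164 syslog header, for a QRadar Snare-format log source.
// Input field names are an assumption about the collector's JSON schema.

const DAYS = ['Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat'];
const MONTHS = ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun',
                'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'];
const pad2 = (n) => String(n).padStart(2, '0');

// Snare SubmitTime field, e.g. "Tue Jan 16 12:34:56 2024". UTC is used so the
// output does not depend on the timezone of the machine running this.
function snareTime(d) {
  return `${DAYS[d.getUTCDay()]} ${MONTHS[d.getUTCMonth()]} ${pad2(d.getUTCDate())} ` +
    `${pad2(d.getUTCHours())}:${pad2(d.getUTCMinutes())}:${pad2(d.getUTCSeconds())} ${d.getUTCFullYear()}`;
}

// RFC 3164 header timestamp, e.g. "Jan 16 12:34:56" (day space-padded).
function syslogTime(d) {
  return `${MONTHS[d.getUTCMonth()]} ${String(d.getUTCDate()).padStart(2, ' ')} ` +
    `${pad2(d.getUTCHours())}:${pad2(d.getUTCMinutes())}:${pad2(d.getUTCSeconds())}`;
}

// Tab delimits Snare fields and LF ends the syslog record. Strip both from
// every field, since user names, process command lines and message bodies are
// attacker-influenced; a tab in a logon name would otherwise push fake values
// into the EventID or UserName columns when QRadar splits the line.
function sanitize(v) {
  return String(v === undefined || v === null ? '' : v).replace(/[\t\r\n]+/g, ' ').trim();
}

// Snare EventLogType string. Audit keywords take precedence over the level.
function snareEventType(ev) {
  if (ev.keywords === 'Audit Success') return 'Success Audit';
  if (ev.keywords === 'Audit Failure') return 'Failure Audit';
  switch (ev.level) {           // Windows levels: 1 Critical, 2 Error, 3 Warning, 4 Info
    case 1: case 2: return 'Error';
    case 3: return 'Warning';
    default: return 'Information';
  }
}

// Snare Criticality (0..5). Real agents derive it from their objective config,
// so this fixed mapping from the event type is an assumption, not Snare's rule.
const CRITICALITY = { 'Failure Audit': 4, 'Error': 3, 'Warning': 2 };

// Build one syslog-framed Snare line. `counter` is the per-source SnareCounter.
function toSnareSyslog(ev, counter) {
  const when = new Date(ev.timestamp);
  const type = snareEventType(ev);
  const host = sanitize(ev.host);
  const fields = [
    'MSWinEventLog',                        // fixed Snare tag (hostname sits in the header)
    CRITICALITY[type] || 1,                 // Criticality
    sanitize(ev.channel),                   // EventLogSource: Security, System, ...
    counter,                                // SnareCounter
    snareTime(when),                        // SubmitTime
    sanitize(ev.eventId),                   // EventID
    sanitize(ev.provider),                  // SourceName
    sanitize(ev.user),                      // UserName
    sanitize(ev.sidType || 'N/A'),          // SIDType
    type,                                   // EventLogType
    host,                                   // ComputerName
    sanitize(ev.task),                      // CategoryString
    sanitize(ev.message),                   // DataString
    '',                                     // ExpandedString (unused here)
    0,                                      // checksum slot; 0 when none is computed (assumption)
  ];
  // PRI 13 = facility user(1)*8 + severity notice(5); an assumed default,
  // set whatever your QRadar log source expects.
  return `<13>${syslogTime(when)} ${host} ${fields.join('\t')}`;
}

// Constructed sample record (not real telemetry): a failed logon whose user
// name carries a tab and a newline to exercise the sanitizer.
const SAMPLE = {
  timestamp: '2024-01-16T12:34:56Z',
  host: 'WS01',
  channel: 'Security',
  eventId: 4625,
  provider: 'Microsoft-Windows-Security-Auditing',
  level: 0,
  keywords: 'Audit Failure',
  user: 'CORP\\jdoe\t4624\nadmin',
  sidType: 'N/A',
  task: 'Logon',
  message: 'An account failed to log on.',
};

console.log(toSnareSyslog(SAMPLE, 1));
```

If you drop this into a Code function, replace `SAMPLE` with the pipeline's event object and write the returned string into the field your syslog destination forwards, keeping a counter per host so the SnareCounter column increments as QRadar expects.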