IC4NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
No replies
55 Posts

Pinned topic How to audit sytem / web-users investigating suspicious activity?

‏2013-05-20T17:20:43Z |

I see some suspicious activity associated with the user of Qradar system , web-ui and console ssh access. Is there any way i can find the ip / user name of person logged in to the system lets say past 24 hours?

Like in linux i remember there was a LAST -r commands to show list of users who logged onto the system, does qradar application stores logins info in some sort of file / or log to query.