Topic
No replies
Asadz
Asadz
42 Posts
ACCEPTED ANSWER

Pinned topic How to audit sytem / web-users investigating suspicious activity?

‏2013-05-20T17:20:43Z |

I see some suspicious activity associated with the user of Qradar system , web-ui and console ssh access. Is there any way i can find the ip / user name of person logged in to the system lets say past 24 hours?

Like in linux i remember there was a LAST -r commands to show list of users who logged onto the system, does qradar application stores logins info in some sort of file / or log to query.

 

Thanks