You can search for all authentication events that IBM
QRadar received in the last 6
hours.
Procedure
-
Click the Log
Activity tab.
-
On the toolbar, select .
-
In the Time Range pane,
define the
time range for the event search:
-
Click Recent.
-
In the Recent list,
select Last
6 Hours.
-
In
the Search Parameters pane, define
the search parameters:
-
In the first list, select Category [Indexed].
-
In the second list, select Equals to.
-
In the High Level Category list,
select Authentication.
-
In the Low Level Category list,
accept the default value of Any.
-
Click Add Filter.
-
In the Column Definition pane, select Event Name in
the Display list and drag it to the Columns
list.
-
Click Search.