IBM Support

QRadar: What are Events (Definition)

Question & Answer


How does QRadar define an Event?


In QRadar, an Event is a message that we receive and process from some log source. Most log sources are devices on your network creating log for occurrences of actions and that are then received by QRadar. Thus an Event represents the log of some particular action on this device at a point in time. Examples of such actions include:

  • SSH login on a UNIX server
  • VPN connection to a VPN device
  • Firewall Deny logged by your perimeter firewall

Events are received from your log sources by your event collectors and they are processed by the QRadar event pipeline at the license rate. If enabled, multiple events can be coalesced into one based on their shared attributes. For more information about coalescing, see Technote 1622709: How does coalescing work in QRadar.

Where do you find more information?

[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Events","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Historical Number


Document Information

Modified date:
16 June 2018