Question & Answer
How does QRadar define an Event?
In QRadar, an Event is a message that we receive and process from a log source. Most log sources are devices on your network that create log entries when actions occur; those entries are then received by QRadar. An Event therefore represents the log of a particular action on a device at a point in time. Examples of such actions include:
- SSH login on a UNIX server
- VPN connection to a VPN device
- Firewall Deny logged by your perimeter firewall
Events are received from your log sources by your event collectors and they are processed by the QRadar event pipeline at the license rate. If enabled, multiple events can be coalesced into one based on their shared attributes. For more information about coalescing, see Technote 1622709: How does coalescing work in QRadar.
Where do you find more information?
16 June 2018