IBM Support

QRadar: What are Events (Definition)

Question & Answer


Question

How does QRadar define an Event?

Answer

In QRadar, an Event is a message that we receive and process from a log source. Most log sources are devices on your network that create logs for the actions that occur on them, and those logs are then received by QRadar. Thus an Event represents the log of some particular action on this device at a point in time. Examples of such actions include:

  • SSH login on a UNIX server
  • VPN connection to a VPN device
  • Firewall Deny logged by your perimeter firewall



Events are received from your log sources by your event collectors and are processed by the QRadar event pipeline at the license rate. If coalescing is enabled, multiple events can be coalesced into one based on their shared attributes. For more information about coalescing, see Technote 1622709: How does coalescing work in QRadar.


Historical Number

ben

Document Information

Modified date:
16 June 2018

UID

swg21984517