Tuesday, August 9, 2022

QRadar: Ariel query for getting related remote IPs in an offense

AQL query for getting remote ip addresses which is related with specific offense:

select distinct destinationip from events where INOFFENSE(633) TIMES OFFENSE_TIME(633) AND eventdirection IN ('L2R', 'R2R') 


Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)