Comments on Learning by practicing: QRadar - Threat Intelligence On The Cheap - Creating the rule to detect IPs in the SecurityNik_DNS_Darklist

Nik Alleyne, MSc | CISSP | GC|IA|IH|REM|PEN (2015-06-24):

Teja,
From what I know, you will not be able to send an email for the individual offense. However, you can send an email when the "event" is seen. For example, if you would like user Abc123 to receive an email anytime someone at 1.1.1.1 logs in to 2.2.2.2, then yes, this is doable.

Let me know if this helps. If not, provide me with a bit more detail on what you are trying to do and we will see if we can build the rule, or maybe I would create a post showing you how to do it.

Nik

Teja Ramachandran (2015-06-23):

Hi Nik Alleyne,

I am a daily reader of your blog. Learning by practicing is really good.

I have one doubt in QRadar; please clarify on the same:

I need to send an email notification to a user from an offence (event), not a QRadar user.

In detail:

When an offence is generated, we have offence details like:
SourceIP: 1.1.1.1,
DestinationIP: 2.2.2.2
Source Username (From Event): Abc123

What I want to do is send an email notification to the username (Abc123) from the event, from QRadar itself?

An email notification like "he or she accessed this URL or malicious site", depending upon the rule that we are creating.

IS IT POSSIBLE IN QRADAR?

Thanks in advance.

Teja R