Showing posts from October, 2018

Generate Demo Log Events for QRadar CE 7.3.1

In my previous blog, we installed QRadar Community Edition (QCE) 7.3.1 on a CentOS 7.5 server step by step, but there are no logs, flows or offenses yet. As a next step, we need to bring log events into QRadar in order to:

1) Understand how it works
2) Demonstrate security scenarios and how QRadar works
3) Test custom/pre-built rules

In this blog, we’ll generate some logs. To do so we need two items:

1) The logrun.pl tool to generate the events
2) Sample log files

Jose Bravo is an IBM expert in QRadar SIEM. He has shared lots of great videos on his YouTube channel, https://www.youtube.com/user/jbravovideos. We’ll use some of his resources from here: https://ibm.ent.box.com/s/ich0yyiw54y0ek6s9a66xvtjku8e42rc

Let’s download the demo.zip file and copy it to the “/store” folder on the QRadar machine using FileZilla. Now, connect to the QRadar server and unzip the demo.zip file.