qradar

About this tag
Discussions tagged with qradar on WindowsForum.com focus on using IBM QRadar for security monitoring and log analysis in Windows environments. Topics include investigating suspicious login events, such as Event ID 4624, and correlating them with external IPs from Microsoft datacenters. Users analyze QRadar logs to detect potential fraudulent connections to Exchange servers, often cross-referencing threat intelligence sources like IP quality scores. The tag covers practical troubleshooting of QRadar rules and false positive identification in enterprise IT security contexts.
  1. K

    Fraudulent IP connections to my exchange server? False positive or?

    Hello dear friends. I wanted to ask you about some logs that from my exchange server which i catch with qradar. They are all with qid: 5000830 or eventid:4624 which is a successful login to a server or anything. I use a rule which tells me if someone logs in to the exchange server from an...
Back
Top