1. Describe your incident:
We have a central SOC for corporate that is running QRadar and some Azure Sentinel. Ideas?
2. Describe your environment:
OS Information: Red Hat 8
Graylog: 4.2 single deployment on bare-metal
Service logs, configurations, and environment variables:
#   Processor                   Status
1   Message Filter Chain        active
2   Pipeline Processor          active
3   GeoIP Resolver              active
4   AWS Instance Name Lookup    disabled
3. What steps have you already taken to try and solve the problem?
I have tried the only two options we have, GELF and STDOUT output, but I am not sure how to go about sending logs outside of the platform if the remote end does not support GELF.
4. How can the community help?
I would like to check with the community on a way to create an output from Graylog to these SIEM solutions. Any
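Added example, not part of the thread or of Graylog itself: a small Python relay that accepts Graylog's GELF TCP output (one JSON document per message, NUL-terminated), converts each message to a CEF:0 line and forwards it as RFC 5424 syslog over TCP, which is a format both QRadar and Azure Sentinel can ingest from a syslog source. The vendor/product strings, the "gelf:<level>" signature id scheme, the syslog-level-to-CEF-severity mapping, the handling of additional fields and the sample message are all assumptions made for this example.

```python
import json
import socket
import sys
import time
from datetime import datetime, timezone

# Constructed sample of what Graylog's GELF output puts on a TCP connection:
# one JSON document per message, terminated by a NUL byte. The field values
# and the "_source_ip" / "_note" additional fields are made up for this example.
SAMPLE_GELF_TCP = (
    b'{"version":"1.1","host":"web01","short_message":"Failed login | admin",'
    b'"timestamp":1649073600.123,"level":4,"_source_ip":"203.0.113.9",'
    b'"_note":"path=C:\\\\temp"}\x00'
)

# Assumed mapping from the syslog level carried in GELF "level" (0-7) to the
# CEF severity scale (0-10). A choice for this example, not a standard.
LEVEL_TO_CEF_SEVERITY = {0: 10, 1: 10, 2: 10, 3: 8, 4: 6, 5: 4, 6: 2, 7: 0}


def cef_header_escape(value):
    """CEF header fields: backslash and pipe must be escaped."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def cef_ext_escape(value):
    """CEF extension values: backslash, '=' and line breaks must be escaped."""
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def gelf_to_cef(gelf, vendor="Graylog", product="gelf-cef-relay", version="1.0"):
    """Convert one decoded GELF 1.1 message (a dict) into a CEF:0 line.

    Known GELF fields map to standard CEF extension keys (dvchost, rt, msg);
    additional fields ("_foo") are emitted as custom keys named "foo". Strict
    CEF parsers may want csN/csNLabel pairs for those instead.
    """
    level = int(gelf.get("level", 6))
    severity = LEVEL_TO_CEF_SEVERITY.get(level, 2)
    header = ["CEF:0", vendor, product, version,
              "gelf:%d" % level,                      # signature id (assumed scheme)
              gelf.get("short_message", ""), str(severity)]
    ext = ["dvchost=" + cef_ext_escape(gelf.get("host", ""))]
    if "timestamp" in gelf:
        ext.append("rt=%d" % round(float(gelf["timestamp"]) * 1000))  # ms since epoch
    if "full_message" in gelf:
        ext.append("msg=" + cef_ext_escape(gelf["full_message"]))
    for key, value in sorted(gelf.items()):
        if key.startswith("_") and len(key) > 1:
            ext.append(key[1:] + "=" + cef_ext_escape(value))
    return "|".join(cef_header_escape(h) for h in header) + "|" + " ".join(ext)


def syslog_frame(cef_line, gelf, facility=1, app="gelf-cef-relay"):
    """Wrap a CEF line in an RFC 5424 header, newline-terminated for TCP delivery."""
    severity = int(gelf.get("level", 6)) & 7
    ts = float(gelf["timestamp"]) if "timestamp" in gelf else time.time()
    stamp = datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    host = gelf.get("host") or "-"
    return "<%d>1 %s %s %s - - - %s\n" % (facility * 8 + severity, stamp, host, app, cef_line)


def split_gelf_tcp(buffer):
    """Split a GELF-over-TCP byte buffer on NUL terminators.
    Returns (complete messages, unterminated remainder to keep for the next read)."""
    parts = buffer.split(b"\x00")
    return [p for p in parts[:-1] if p], parts[-1]


def gelf_bytes_to_syslog(raw):
    """One raw GELF JSON document (without its NUL) -> one syslog/CEF line."""
    gelf = json.loads(raw.decode("utf-8"))
    return syslog_frame(gelf_to_cef(gelf), gelf)


def relay(listen_host, listen_port, siem_host, siem_port):
    """Accept Graylog's GELF TCP output and forward each message to the SIEM's
    syslog TCP listener. Single connection, blocking; fine for a lab, not for
    production volume, and it adds no TLS, so keep it on a trusted network."""
    with socket.create_server((listen_host, listen_port)) as srv:
        while True:
            conn, _ = srv.accept()
            with conn, socket.create_connection((siem_host, siem_port)) as out:
                buf = b""
                while chunk := conn.recv(65536):
                    buf += chunk
                    msgs, buf = split_gelf_tcp(buf)
                    for raw in msgs:
                        out.sendall(gelf_bytes_to_syslog(raw).encode("utf-8"))


if __name__ == "__main__":
    # usage: python gelf_cef_relay.py <listen_port> <siem_host> <siem_port>
    relay("0.0.0.0", int(sys.argv[1]), sys.argv[2], int(sys.argv[3]))
```

To use it, run the relay next to Graylog, create a GELF Output (TCP) pointed at the relay's listen port, and point the relay at the syslog listener of the QRadar log source or the Sentinel CEF collector. Check the first few events on the receiving side: escaping of `|`, `\` and `=` is where CEF forwarders usually break, and QRadar in particular may parse LEEF more readily than CEF, so the header builder would be the part to swap if you need LEEF.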
You can request a free license, but the amount of data has to be under 2 GB/day. If you have an older license you can get a transitional license for 5 GB/day that's good through the rest of 2022.
I don't know much about QRadar & Azure Sentinel to be of any help.
Thank you very much. That was very helpful. I have tried to understand how much data my deployment parses per day, but I was not able to tell. There are some data/metrics under the Indices tab, and also some under the Overview tab. Any recommendation on how to figure out how much data in GB my systems are sending to Graylog?
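Added example for the question above about measuring daily ingest; this is not from the thread or from Graylog's own tooling. It pulls the traffic histogram that feeds the traffic graph on System > Overview and sums it into GB per UTC day so you can compare against the 2 GB/day limit. Assumptions: the Graylog 4.x endpoint GET /api/system/cluster/traffic?days=N with "input" and "output" series of ISO timestamp to byte count (verify the path and response shape in your server's API browser), that "output" (bytes written to the index) is the figure the license counter is based on (check the licensing docs for your version), and that GB means 10^9 bytes. The sample response is constructed.

```python
import base64
import json
import sys
import urllib.request
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample in the shape of the traffic histogram Graylog returns
# (hourly buckets, ISO-8601 keys, byte counts). All values are made up.
SAMPLE_TRAFFIC = {
    "from": "2022-04-04T00:00:00.000Z",
    "to": "2022-04-05T23:00:00.000Z",
    "input": {
        "2022-04-04T00:00:00.000Z": 80_000_000,
        "2022-04-05T03:00:00.000Z": 1_500_000_000,
    },
    "output": {
        "2022-04-04T00:00:00.000Z": 60_000_000,
        "2022-04-04T12:00:00.000Z": 70_000_000,
        "2022-04-05T03:00:00.000Z": 1_100_000_000,
        "2022-04-05T20:00:00.000Z": 1_050_000_000,
    },
}


def fetch_traffic(base_url, api_token, days=30):
    """Pull the traffic histogram from a Graylog server.

    Assumes the Graylog 4.x endpoint GET /api/system/cluster/traffic?days=N;
    confirm the path in your server's API browser. Graylog API tokens are sent
    as HTTP Basic auth with the token as the username and the literal word
    "token" as the password.
    """
    creds = base64.b64encode(("%s:token" % api_token).encode()).decode()
    req = urllib.request.Request(
        "%s/api/system/cluster/traffic?days=%d" % (base_url.rstrip("/"), days),
        headers={"Authorization": "Basic " + creds,
                 "Accept": "application/json",
                 "X-Requested-By": "ingest-check"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def daily_gb(traffic, series="output"):
    """Sum one series (ISO timestamp -> bytes) into GB (10^9 bytes) per UTC day.

    "output" is what gets written to the index, which (assumption, see the
    licensing docs) is the figure the license traffic counter is based on;
    "input" is the raw bytes received on inputs.
    """
    totals = defaultdict(int)
    for stamp, nbytes in traffic[series].items():
        when = datetime.fromisoformat(stamp.replace("Z", "+00:00")).astimezone(timezone.utc)
        totals[when.date().isoformat()] += int(nbytes)
    return {day: total / 1e9 for day, total in sorted(totals.items())}


def days_over_limit(daily, limit_gb=2.0):
    """Days whose total exceeds the license limit (2 GB/day for the free tier)."""
    return [day for day, gb in daily.items() if gb > limit_gb]


if __name__ == "__main__":
    # usage: python ingest_check.py https://graylog.example:9000 <api-token>
    # (with no arguments it runs on the constructed sample)
    traffic = fetch_traffic(sys.argv[1], sys.argv[2]) if len(sys.argv) > 2 else SAMPLE_TRAFFIC
    per_day = daily_gb(traffic)
    for day, gb in per_day.items():
        print("%s  %.2f GB" % (day, gb))
    print("over 2 GB/day:", days_over_limit(per_day) or "none")
```

Look at the peak days rather than the average: a license limit is checked per day, and one noisy source on one day is what usually tips a deployment over. Use a read-only token for this script, since the same token would otherwise grant the caller everything your Graylog user can do.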
That is very much appreciated. I think I'm under 2 GB/day, so I'll request a license and see what I can do. Thank you very much for your helpful comments.