QRadar: AQL Tutorial Part 1. Documentation and basic syntax.

Name: QRadar: AQL Tutorial Part 1. Documentation and basic syntax.
Uploaded: Jul 7, 2016
Duration: 580 s

Jose Bravo21.1K subscribers

19.6K views

Jul 7, 2016

9:40

Special Thanks to Mutaz Alsallal (IBM Poland) for the material shown here. Here are some of the AQL commands so you can copy/paste: select * from events START '2016-06-07 10:29:00' STOP '2016-06-07 13:53:00' SELECT * FROM events WHERE magnitude BETWEEN 1 AND 5 SELECT * FROM events WHERE sourceip = '192.168.60.56' and destinationip != '64.4.44.76' START '2016-06-07 10:29:00' STOP '2016-06-07 13:53:00' select * from events where not INCIDR('9.128.28.0/24',sourceip) SELECT qidname(qid), * FROM events WHERE qidname(qid) ILIKE '%logon%' START '2016-06-07 10:29:00' STOP '2016-06-07 13:53:00'

Download

1 formats

Video Formats

360pmp412.9 MB

Download

Right-click 'Download' and select 'Save Link As' if the file opens in a new tab.