01-29-2021 07:58 AM
Hello all
I have created an event stream and configured the queue on the SIEM to collect events. I was able to verify that events are being collected using a Ruby tool.
Also, on my event collector I was able to see communication with Cisco AMP in tcpdump.
However, I do not see any logs on the QRadar SIEM.
The error I see is: "No events received in 10 minutes. If Automatically Manage Event Stream is set to "No", the Queue Name might be invalid."
Any thoughts on this issue?
08-21-2024 03:34 AM
Old post but will give it a try, did you solve this?
08-21-2024 04:44 AM
Considering the event stream was verified with another tool, this appears to be a configuration issue/error on the QRadar side. I'd suggest asking for their support if it is not working properly once the stream has been verified.
Thanks,
-Matt