How to Use QRadar to Search for a Windows Account's Activity

Log in to the QRadar console at https://qradar/console/qradar/jsp/QRadar.jsp

Log Activity > Add Filter > Parameter = Username [Indexed] | Operator = Equals any of | Value = "UserName" > click the '+' sign > click Add Filter

Click on View > Select An Option = Last 24 hours

Wait for the search progress to complete, then look through the resulting items
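
The same search written in AQL for the Advanced Search box on the Log Activity tab, as an added example that is not part of the original post. 'UserName' is the placeholder from the filter step, and the second query (a summary per event name and source IP) goes beyond the steps above.

```sql
-- Added example. Run each query separately in Log Activity > Advanced Search.
-- 'UserName' is a placeholder; replace it with the account being reviewed.

-- 1) Every event for the account in the last 24 hours, newest first.
SELECT
    DATEFORMAT(starttime, 'yyyy-MM-dd HH:mm:ss') AS event_time,
    QIDNAME(qid)                                 AS event_name,
    CATEGORYNAME(category)                       AS low_level_category,
    LOGSOURCENAME(logsourceid)                   AS log_source,
    sourceip,
    destinationip,
    username
FROM events
WHERE username = 'UserName'
ORDER BY starttime DESC
LAST 24 HOURS

-- 2) Summary of the same activity: which events the account generated,
--    from which source addresses, how often, and when first and last seen.
SELECT
    QIDNAME(qid)                                      AS event_name,
    sourceip,
    COUNT(*)                                          AS event_count,
    DATEFORMAT(MIN(starttime), 'yyyy-MM-dd HH:mm:ss') AS first_seen,
    DATEFORMAT(MAX(starttime), 'yyyy-MM-dd HH:mm:ss') AS last_seen
FROM events
WHERE username = 'UserName'
GROUP BY qid, sourceip
ORDER BY event_count DESC
LAST 24 HOURS
```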
