Use this command to modify a Splunk subscription.
Example: Disable a subscription
Example: Edit the subsystems included in a webhook subscription
Set-CASplunkEventSubscription -Connection $connection -SubscriptionId cd87b774-8e65-46e1-8520-da478c60c4c3 -Subsystems $newSubsystems
Use this command to remove a Splunk subscription.
The ID of the subscription to remove. This parameter is required if the Subscription parameter is not specified. Use the Get-CASplunkEventSubscriptions command to find the ID. |
Remove-CASplunkEventSubscription -Connection $connection -SubscriptionId $subscriptionId
IMPORTANT: To ensure that QRadar can read and present Change Auditor events, you need to import the extension created during the subscription creation or with the New-CAQRadarExtension command.
If prompted that the extension is not signed, select Install. When prompted to overwrite or keep existing data, select Overwrite. |
|
1 |
2 |
5 |
Click Next to select the events to forward based on subsystem and event date. Once the subscription is created the starting event date and time cannot be changed. |
• |
By default, events start sending after the subscription is created. To change when to begin sending events, click Send events starting and select the desired date and time. The time cannot be more than 30 days prior to the Change Auditor installation date. |
6 |
Click Next to create the required extension to import to your QRadar instance. The extension instructs QRadar on how to read and present Change Auditor events. Specifically, it defines the log source (coordinator) and maps Change Auditor event columns to QRadar event columns. |
NOTE: If you have previously configured your QRadar instance for Change Auditor, you can select My QRadar instance is already configured and click Finish to complete the subscription setup. |
7 |
Specify the file path and name for the file and click Generate extension. |
8 |
Click OK in the confirmation dialog. Copy the file path to import the extension to your QRadar instance. |
9 |
Click Finish. |
1 |
1 |
2 |
Right-click the required subscription and click Generate Extension. |
3 |
Specify the file path and name for the file and click Generate file. |
4 |
Click OK in the confirmation dialog. |
1 |
6 |
Click Finish. |
1 |
1 |
2 |
Click Refresh. |
© ALL RIGHTS RESERVED. 使用条款 隐私 Cookie Preference Center