Qradar Logs to Logstash/Elastic?

We have a QRadar SIEM which we plan to extend to Elastic for threat hunting (log forwarding from QRadar to Elastic).

Has anyone found any success with it? Any known shortcomings/pitfalls from the setup?

QRadar can forward logs without any problem; you just need to choose how to forward them.

I do not use QRadar anymore, but I would recommend that you forward already in JSON to Logstash; it will give you less work if you need or want to transform your data before sending it to Elasticsearch.

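As an added illustration of the approach in the reply above (receive JSON from QRadar in Logstash, reshape it, then index into Elasticsearch), here is an example Logstash pipeline. It is not from the thread, from Elastic, or from IBM; it assumes QRadar has been given a forwarding destination that sends events over TCP in JSON format to port 5514 on the Logstash host, and the QRadar field names used in the filter (`deviceTime`, `sourceip`, `destinationip`) are placeholders to be mapped to whatever your QRadar build actually emits. The host name and credential variables are assumptions as well.

```logstash
# Assumed setup: QRadar forwarding destination -> TCP, JSON format -> this host:5514.
# Field names in the filter section are placeholders; check them against a real
# forwarded event before relying on this mapping.
input {
  tcp {
    port  => 5514
    codec => json_lines      # QRadar sends one JSON document per line
    tags  => ["qradar"]
  }
}

filter {
  if "qradar" in [tags] and !("_jsonparsefailure" in [tags]) {
    # Placeholder: assume QRadar's device time is epoch milliseconds.
    date {
      match  => ["[deviceTime]", "UNIX_MS"]
      target => "@timestamp"
    }
    # Move the placeholder QRadar names onto ECS-style nested fields and
    # mark where the event came from, so hunting queries are consistent
    # across sources.
    mutate {
      rename => {
        "sourceip"      => "[source][ip]"
        "destinationip" => "[destination][ip]"
      }
      add_field => { "[event][module]" => "qradar" }
    }
  }
}

output {
  # Lines the json_lines codec could not parse are tagged _jsonparsefailure.
  # Keep them in a separate index instead of dropping them: a sudden rise in
  # unparsed events usually means the forwarder format or an upstream parser
  # changed, which is worth an alert in its own right.
  if "_jsonparsefailure" in [tags] {
    elasticsearch {
      hosts    => ["https://elastic.example.internal:9200"]   # placeholder host
      index    => "qradar-unparsed-%{+YYYY.MM.dd}"
      user     => "${ES_USER}"        # read from the environment, not the file
      password => "${ES_PASSWORD}"
    }
  } else {
    elasticsearch {
      hosts    => ["https://elastic.example.internal:9200"]   # placeholder host
      index    => "qradar-%{+YYYY.MM.dd}"
      user     => "${ES_USER}"
      password => "${ES_PASSWORD}"
    }
  }
}
```

Before putting it in front of live traffic, check the syntax with `bin/logstash -f qradar.conf --config.test_and_exit`, then send a single hand-written JSON line to port 5514 and confirm it lands in the `qradar-*` index with `@timestamp` taken from the event rather than from ingest time. Keeping the raw unparsed lines in their own index rather than discarding them is the one design choice worth stressing: for a threat-hunting pipeline, silently lost events are the failure mode you least want.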

Thank you for your comment :innocent:
Yes, that is exactly what I want, but I don't know how I can do this.

Welcome to our community! :smiley:

Please don't add unrelated tags to your topics in future :slight_smile:

