QMLA Missing Logs Alert

QMLA Missing Logs Alert for IBM Security QRadar SIEM is an application that notifies users about Log Sources that have stopped sending events.

QMLA uses QRadar log source groups and allows specifying a timeout for each group individually. Notifications are generated and sent via a set of rules shipped with the application.

QMLA provides users with comprehensive information about Log Sources that have stopped sending events including Log Source Name, Log Source Type, Log Source Group, the last time events seen from this Log Source, etc.

QRadar Native Alternatives

QRadar provides notifications about Log Source groups that have stopped sending logs, but it requires a separate custom rule to be implemented for each group. QRadar native notifications for idle groups do not contain specific Log Source name, which makes it hard for administrators to identify it quickly.

License

Open Source / Apache 2.

IBM App Exchange

Available as a complimentary app within a commercial tool purchase.