QMLA Missing Logs Alert
QMLA Missing Logs Alert for IBM Security QRadar SIEM is an application that notifies users about Log Sources that have stopped sending events.
QMLA uses QRadar log source groups and allows specifying a timeout for each group individually. Notifications are generated and sent via a set of rules shipped with the application.
QMLA provides users with comprehensive information about Log Sources that have stopped sending events including Log Source Name, Log Source Type, Log Source Group, the last time events seen from this Log Source, etc.
QRadar Native Alternatives
QRadar provides notifications about Log Source groups that have stopped sending logs, but it requires a separate custom rule to be implemented for each group. QRadar native notifications for idle groups do not contain specific Log Source name, which makes it hard for administrators to identify it quickly.
Open Source / Apache 2.
IBM App Exchange
Available as a complimentary app within a commercial tool purchase.
More about ScienceSoft's Cybersecurity Services and Solutions
Security Information and Event Management
IBM QRadar Tools: Deployment & Environment
IBM QRadar SIEM
IBM QRadar Tools: MITRE ATT&CK
IBM QRadar Tools: Analytics & Reporting
IBM QRadar Tools: Data Integration