Syslog consumption
Troubleshoot
Cylance
Data from the log activities is not populating.
- Ensure searches are filtered by Log Source Type of Cylance and/or Log Source of CylanceRemoteSyslog.
- Ensure the CylanceRemoteSyslog Log Source is configured following the syslog configuration.
- Ensure proper network configuration.
- Click the Test Connection hyperlink in the Cylance tenant. You should see Test Connection Successful.
- Ensure the port is open to receive syslog data. For example, assuming port 6514 is being used, run netstat -an | grep 6514.
- Ensure no network or host firewalls are blocking traffic. Layer 7 firewalls may need to be told to expect TLS/SSL traffic.
- Use a packet sniffer such as Wireshark to verify the connection is made and data is passed.
- Inspect the QRadar error log in /var/log/qradar.error to look for any TLS and/or network related messages.
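The two host-side checks above (is the listener bound, and does the QRadar error log show TLS or connection problems) can be scripted. This is an added example, not from the original page or from Cylance/QRadar; it assumes the defaults stated above (TCP port 6514 and /var/log/qradar.error), both overridable, and the sample log lines it writes are constructed for illustration.

```shell
#!/bin/sh
# Added example: automate two checks from the Cylance syslog troubleshooting list.

# Return 0 if something is listening on TCP port $1, else 1.
# Prefers ss, falls back to netstat -an (the command the page suggests).
port_is_listening() {
    port="$1"
    if command -v ss >/dev/null 2>&1; then
        ss -ltn 2>/dev/null | awk -v p=":$port" '$4 ~ (p "$") {f=1} END {exit !f}'
    else
        netstat -an 2>/dev/null | awk -v p=":$port" '$4 ~ (p "$") && /LISTEN/ {f=1} END {exit !f}'
    fi
}

# Print lines from the QRadar error log ($1, default /var/log/qradar.error)
# that mention TLS/SSL or connection failures; exit 1 if none are found.
tls_errors() {
    log="${1:-/var/log/qradar.error}"
    grep -iE 'tls|ssl|handshake|certificate|connection (refused|reset)' "$log"
}

# Write a constructed (not real) sample error log and print its path.
sample_log() {
    tmp=$(mktemp)
    printf '%s\n' \
        'sample line 1: SSLHandshakeException: certificate_unknown from 10.0.0.5' \
        'sample line 2: routine housekeeping message, unrelated' \
        'sample line 3: Connection refused by remote peer' > "$tmp"
    echo "$tmp"
}

# Run both checks and print a short verdict for each.
run_checks() {
    port="${1:-6514}"
    log="${2:-/var/log/qradar.error}"
    if port_is_listening "$port"; then
        echo "OK: a listener is bound on TCP $port"
    else
        echo "FAIL: nothing listening on TCP $port (check the CylanceRemoteSyslog log source)"
    fi
    if [ -r "$log" ]; then
        echo "INFO: $(tls_errors "$log" | wc -l | tr -d ' ') TLS/network related line(s) in $log"
    else
        echo "WARN: $log is not readable"
    fi
}
```

Run it as root on the QRadar host with run_checks 6514 /var/log/qradar.error; a FAIL on the listener check points at the log source configuration, while matching log lines point at certificate or firewall issues.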