Problem
You have configured the SecurityScorecard app to send logs to IBM QRadar, but you are not receiving any logs. Despite following the setup instructions in the documentation, no issues from SecurityScorecard are appearing in your SIEM.
Solution
Try the following steps to troubleshoot and resolve the issue:
1. Check the app.log file
If the app.log file contains the following messages:
Wrote Portfolio overall score
Wrote 0 factors for portfolio
Wrote 0 issues for portfolio
This means that no data has been ingested into the SecurityScorecard app, which is why logs are not appearing in IBM QRadar.
2. Update the configuration settings
Ensure that your configuration settings are updated as follows:
- Portfolio IDs: Enter "All" to monitor scorecards from all portfolios.
- Date Offset for Scorecard Event Log: Change this value to 30 instead of the default 3.
This will allow logs from the past 30 days to be pulled, in case there have been any recent changes in your company’s scorecards.
3. Verify ingestion by setting all configurations to "yes"
If logs are still not appearing, change all relevant configuration settings to "yes" and allow up to approximately 2 hours for data to be received in the IBM QRadar app. If logs do not appear within this timeframe, proceed with further troubleshooting.
4. Contact support if the issue persists
If you still do not receive logs after applying these recommendations, please submit a support ticket for further investigation.
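The step 1 check can be scripted so it is repeatable after each configuration change. This is an added example, not SecurityScorecard's or IBM's code; it assumes each ingestion run starts with the "Wrote Portfolio overall score" line followed by its count lines, and the timestamps in the sample log are constructed.

```python
import re

# Count lines quoted in step 1; any prefix (such as a timestamp) is tolerated.
COUNT_RE = re.compile(r"Wrote (\d+) (factors|issues) for portfolio")
# Assumption: this line marks the start of one ingestion run.
RUN_MARKER = "Wrote Portfolio overall score"

def last_run_counts(log_text):
    """Return {'factors': n, 'issues': n} for the most recent run, or None."""
    runs = []
    for line in log_text.splitlines():
        if RUN_MARKER in line:
            runs.append({})          # a new run begins
            continue
        match = COUNT_RE.search(line)
        if match and runs:
            runs[-1][match.group(2)] = int(match.group(1))
    return runs[-1] if runs else None

def diagnose(log_text):
    """Classify the latest run as 'no-run', 'empty' or 'ingesting'."""
    counts = last_run_counts(log_text)
    if counts is None:
        return "no-run"              # the app never wrote a portfolio score
    if counts.get("factors", 0) == 0 and counts.get("issues", 0) == 0:
        return "empty"               # the step 1 condition: nothing ingested
    return "ingesting"

# Constructed sample: an earlier run with data, then the empty run from step 1.
SAMPLE_LOG = """\
2024-01-01 10:00:00 INFO Wrote Portfolio overall score
2024-01-01 10:00:01 INFO Wrote 10 factors for portfolio
2024-01-01 10:00:02 INFO Wrote 42 issues for portfolio
2024-01-01 12:00:00 INFO Wrote Portfolio overall score
2024-01-01 12:00:01 INFO Wrote 0 factors for portfolio
2024-01-01 12:00:02 INFO Wrote 0 issues for portfolio
"""

if __name__ == "__main__":
    import sys
    # Pass the path to app.log as the first argument; otherwise use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    print(diagnose(text))
```

A result of "empty" corresponds to the situation in step 1 and points to the configuration changes in step 2.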