QRadar
| Description | Config Example |
|---|---|
| Designated for Windows Event Logs. | `{name: "qradartrans", type: "transform", configuration: "{\n \"mapping\": {\n \"@timestamp\": {\n \"column\": \"date\"\n },\n \"log.level\": {\n \"column\": \"type\"\n },\n \"message\": {\n \"column\": \"y\"\n },\n \"event.code\": {\n \"column\": \"x\"\n },\n \"event.provider\": {\n \"column\": \"category\"\n },\n \"event.kind\": {\n \"const\": \"event\"\n },\n \"event.created\": {\n \"column\": \"date\"\n }\n }\n}"}` |

The `configuration` value of that example, with its escaped newlines expanded:

```json
{
  "mapping": {
    "@timestamp":     { "column": "date" },
    "log.level":      { "column": "type" },
    "message":        { "column": "y" },
    "event.code":     { "column": "x" },
    "event.provider": { "column": "category" },
    "event.kind":     { "const": "event" },
    "event.created":  { "column": "date" }
  }
}
```

Each entry names a target field; `column` copies the named column of the source Windows event record into it, and `const` sets a fixed value.
QRadar
The data flow should be defined with the 'QRadar' condition inside the relevant forwarder:
Output: the target receives the Windows event logs in LEEF format (Log Event Extended Format, the event format used by QRadar).
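The following is an added example, not code from the page or from the forwarder product it documents. It applies the page's mapping (the `column` and `const` rules above) to a constructed Windows event record and then renders the result as a LEEF 1.0 line, so the whole path from the transform to the QRadar-bound output can be tried offline. The vendor/product names, the `apply_mapping` and `to_leef` helpers and the LEEF escaping rules are assumptions for illustration; the real forwarder's LEEF rendering is not described on the page. The escaping matters for defenders: LEEF separates attributes with a tab and keys from values with `=`, so a log message containing either character could otherwise masquerade as an extra attribute in QRadar.

```python
import json

# Mapping copied from the page's config example (the decoded "configuration" string).
QRADAR_MAPPING = json.loads("""{
 "mapping": {
  "@timestamp":     {"column": "date"},
  "log.level":      {"column": "type"},
  "message":        {"column": "y"},
  "event.code":     {"column": "x"},
  "event.provider": {"column": "category"},
  "event.kind":     {"const": "event"},
  "event.created":  {"column": "date"}
 }
}""")["mapping"]

# Constructed sample record; column names match the "column" values of the mapping.
SAMPLE_RECORD = {
    "date": "2024-05-01T12:00:00Z",
    "type": "Information",
    "x": "4624",
    "y": "An account was successfully logged on.",
    "category": "Microsoft-Windows-Security-Auditing",
}


def apply_mapping(record, mapping):
    """Build the target event (assumed semantics): 'column' copies a source column,
    'const' sets a literal. Missing source columns are returned in `missing`
    instead of being silently dropped, so a broken input layout is visible."""
    out, missing = {}, []
    for target, rule in mapping.items():
        if "const" in rule:
            out[target] = rule["const"]
        elif "column" in rule:
            col = rule["column"]
            if col in record:
                out[target] = record[col]
            else:
                missing.append(col)
        else:
            raise ValueError(f"mapping for {target!r} needs 'column' or 'const'")
    return out, missing


def leef_escape(value):
    """Neutralise the LEEF 1.0 attribute delimiter (tab) and key/value separator ('='),
    plus newlines, so a message cannot inject a fake attribute or a second event."""
    return (str(value)
            .replace("\\", "\\\\")
            .replace("\t", "\\t")
            .replace("=", "\\=")
            .replace("\r", " ")
            .replace("\n", " "))


def to_leef(event, vendor="ExampleVendor", product="WinEventForwarder", version="1.0"):
    """Render one LEEF 1.0 line: LEEF:1.0|Vendor|Product|Version|EventID|k=v<TAB>k=v...
    Header fields are assumed values; the event ID is taken from event.code."""
    header = "|".join(str(f).replace("|", "\\|") for f in (vendor, product, version))
    event_id = leef_escape(event.get("event.code", "0")).replace("|", "\\|")
    attrs = "\t".join(f"{k}={leef_escape(v)}" for k, v in event.items())
    return f"LEEF:1.0|{header}|{event_id}|{attrs}"


def transform_and_render(record, mapping=QRADAR_MAPPING):
    """Full path: source record -> mapped event -> LEEF line; also reports missing columns."""
    event, missing = apply_mapping(record, mapping)
    return to_leef(event), missing


if __name__ == "__main__":
    line, missing = transform_and_render(SAMPLE_RECORD)
    print(line)
    print("missing columns:", missing)
```

Running the block prints one LEEF line whose attributes follow the order of the mapping, with `event.kind=event` supplied by the `const` rule and `event.created` duplicating the `date` column as the page's mapping specifies. Feeding a record that lacks columns (for example only `date`) returns the absent column names, which is the check to run before pointing a new forwarder at QRadar.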