QRadar

Owned by Noga Aviram (Unlicensed)
Last updated: Mar 30, 2022
1 min read

Description

Config Example

Description

Config Example

Designated for Windows Event Logs.

{name: "qradartrans", type: "transform", configuration: "{\n \"mapping\": {\n \"@timestamp\": {\n \"column\": \"date\"\n },\n \"log.level\": {\n \"column\": \"type\"\n },\n \"message\": {\n \"column\": \"y\"\n },\n \"event.code\": {\n \"column\": \"x\"\n },\n \"event.provider\": {\n \"column\": \"category\"\n },\n \"event.kind\": {\n \"const\": \"event\"\n },\n \"event.created\": {\n \"column\": \"date\"\n }\n }\n}"}

QRadar

The data flow should be defined with the ‘QRadar’ condition, inside the relevant forwarder:

Output: The target receives the win event logs in a LEEF format (a customized event format for QRadar).