/
QRadar

QRadar

Owned by Noga Aviram (Unlicensed)
Last updated: Mar 30, 2022
1 min read

Description

Config Example

Description

Config Example

Designated for Windows Event Logs.

{name: "qradartrans", type: "transform", configuration: "{\n \"mapping\": {\n \"@timestamp\": {\n \"column\": \"date\"\n },\n \"log.level\": {\n \"column\": \"type\"\n },\n \"message\": {\n \"column\": \"y\"\n },\n \"event.code\": {\n \"column\": \"x\"\n },\n \"event.provider\": {\n \"column\": \"category\"\n },\n \"event.kind\": {\n \"const\": \"event\"\n },\n \"event.created\": {\n \"column\": \"date\"\n }\n }\n}"}

QRadar

The data flow should be defined with the ‘QRadar’ condition, inside the relevant forwarder:

Output: The target receives the win event logs in a LEEF format (a customized event format for QRadar).

 

Related content

Data Flow Transformers
Data Flow Transformers
XPLG
More like this
JSON Formatter
JSON Formatter
XPLG
More like this
CSV Formatter
CSV Formatter
XPLG
Read with this
CEF Formatter
CEF Formatter
XPLG
More like this
Delimited Formatter
Delimited Formatter
XPLG
Read with this
Syslog Forwarder
Syslog Forwarder
XPLG
More like this