Join members of the IBM Security QRadar Team on August 24th for the next QRadar Open Mic webcast, where we talk about Log Source Extensions. During this session, we will discuss how log source extensions work, how to write extensions, and tips, and we will take your questions. This session is not only an opportunity to learn about log source extensions, but also to provide feedback directly to developers, support, and product management about your experiences. We will not be troubleshooting specific customer tickets or regex issues, but teaching and talking about extensions.
- Topic: Let's talk about Log Source Extensions (LSXs)
- Date: Monday, August 24, 2015
- Time: 11:00 AM EDT (12:00 AT, 15:00 UTC or UTC -4 hours) for ~60 minutes
- Links to dial-in & webcast info: http://www.ibm.com/support/docview.wss?uid=swg27046276
- Notes: To listen to the audio, you must join the phone conference.
- Video playlist (YouTube): https://www.youtube.com/playlist?list=PLFip581NcL2XgKVHE3ayAS9JqI9u6dwAV
Preliminary list of topics we plan to discuss:
- About log source extensions
- When to use log source extensions (Custom Event Properties vs using an Extension)
- Looking at an example payload
- LSX structure, limitations, & requirements
- Creating QID Map Entries (qidmap_cli.sh)
- Mapping events
- Discussion & Questions
Note: This topic list may change depending on the volume of questions and how the discussion goes. Since this is a live presentation, we may deviate from the slides to discuss topics from the online chat.
The videos are posted to a YouTube playlist at the following URL: https://www.youtube.com/playlist?list=PLFip581NcL2XgKVHE3ayAS9JqI9u6dwAV
Let's talk about Log Source Extensions (LSXs)
- Video 1: Introduction & about
- Video 2: Getting source data
- Video 3: LSX structure
- Video 4: Identity
- Video 5: Limitations and tips
- Video 6: Uploading and mapping events
- Video 7: Q&A / discussion (Coming soon)