Alibaba ActionTrail sample event message

Use this sample event message as a way of verifying a successful integration with IBM® QRadar®.

The following sample event message shows a logon to the Alibaba Cloud Management console.

{"eventId":"2542222-2222-2222-2222-500d4449 ****","eventVersion":1,"eventSource":"http://account.test.com/test/login_aliyun.htm","sourceIpAddress":"10.0.0.1","userAgent":"Mozilla/5.0 (iPhone; CPU iPhone OS 15_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/11111 Ariver/1.1.0 AliApp(AP/10.2.28.6000) AlipayClient/10.2.11.6000 Language/zh-Hans Region/CN","eventType":"ConsoleSignin","userIdentity":{"accountId":"11122223333***","principalId":"11122223333***","type":"root-account","userName":"test"},"serviceName":"Customer","additionalEventData":{"loginAccount":"user1","isMFAChecked":"false"},"extend":"2","requestId":"111111-6b56-2222-5555-500d8d25***","eventTime":"2021-01-01T00:00:00Z","isGlobal":true,"acsRegion":"cn-abcd","eventName":"ConsoleSignin"}

Table 1. Highlighted values in the Alibaba ActionTrail sample event

| QRadar field name | Highlighted payload field name |
| --- | --- |
| Event ID | consoleSignin |
| Username | test |
| Source IP | 10.0.0.1 |
| Device Time | 2021-01-01T00:00:00Z (1 January 2021, 00:00:00 UTC) |
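
To check a received ActionTrail payload before comparing it with what QRadar displays, the following added example (not part of the original page and not IBM's DSM code) extracts and validates the four highlighted values. The JSON paths in FIELD_PATHS are assumptions inferred from the highlighted values in the sample, and the function names are hypothetical.

```python
import ipaddress
import json
from datetime import datetime, timezone

# Constructed sample: a trimmed copy of the event shown on this page.
SAMPLE_EVENT = (
    '{"eventVersion":1,"sourceIpAddress":"10.0.0.1",'
    '"eventType":"ConsoleSignin",'
    '"userIdentity":{"type":"root-account","userName":"test"},'
    '"additionalEventData":{"loginAccount":"user1","isMFAChecked":"false"},'
    '"eventTime":"2021-01-01T00:00:00Z","eventName":"ConsoleSignin"}'
)

# Assumption: JSON path that carries each highlighted value in the table.
FIELD_PATHS = {
    "Event ID": ("eventName",),
    "Username": ("userIdentity", "userName"),
    "Source IP": ("sourceIpAddress",),
    "Device Time": ("eventTime",),
}

def _lookup(event, path):
    """Walk nested dicts; return None if any key on the path is absent."""
    node = event
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def extract_fields(raw):
    """Return (fields, problems) for one ActionTrail JSON payload."""
    event = json.loads(raw)
    fields, problems = {}, []
    for name, path in FIELD_PATHS.items():
        value = _lookup(event, path)
        if value in (None, ""):
            problems.append(f"{name}: missing {'.'.join(path)}")
            continue
        try:
            if name == "Source IP":
                value = str(ipaddress.ip_address(value))  # rejects malformed IPs
            elif name == "Device Time":
                parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
                value = parsed.replace(tzinfo=timezone.utc)  # trailing Z means UTC
        except (ValueError, TypeError) as exc:
            problems.append(f"{name}: {exc}")
            continue
        fields[name] = value
    return fields, problems
```

An empty problems list means every mapped field was present and well formed; otherwise each entry names the QRadar field that would be left unpopulated.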