Removing leading domain names from usernames when Cisco ASA events are processed
If you want to change the way that IBM® QRadar® processes Cisco Adaptive Security Appliance (ASA) events, use the DSM Editor to remove leading domain names from usernames.
By default, Cisco ASA events include leading domain names in usernames.
Procedure
- On the Admin tab, in the Data Sources section, click DSM Editor.
- From the Select Log Source Type window, select Cisco Adaptive Security Appliance (ASA) from the list, and then click Select.
- Click the Configuration tab, and then set Display DSM Parameters Configuration to on.
- From the Event Collector list, select the event collector for the log source.
- Set Remove leading domain name from username to on.
- Click Save and then close the DSM Editor.
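The effect of the setting on extracted usernames, as an added Python example that is not IBM code and does not reproduce QRadar's parser. It assumes the leading domain is a `DOMAIN\` prefix, the sample events are constructed, and all function names are hypothetical; it shows how per-user counts split across two spellings of one account when the domain is kept.

```python
import re
from collections import Counter

# Assumption: the leading domain is a DOMAIN\ prefix; the page does not
# show the exact username format or QRadar's parsing logic.
USER_FIELD = re.compile(r"\buser\s*=\s*(?P<user>[^\s:,]+)", re.IGNORECASE)

# Constructed sample events (not captured from a real device).
SAMPLE_EVENTS = [
    r"%ASA-6-113005: AAA user authentication Rejected : reason = AAA failure"
    r" : server = 192.0.2.10 : user = CORP\jsmith : user IP = 198.51.100.7",
    r"%ASA-6-113005: AAA user authentication Rejected : reason = AAA failure"
    r" : server = 192.0.2.10 : user = jsmith : user IP = 198.51.100.7",
    r"%ASA-6-113004: AAA user authentication Successful"
    r" : server = 192.0.2.10 : user = CORP\adavis",
]


def strip_leading_domain(username):
    """Drop everything up to the last backslash; keep odd values unchanged."""
    _domain, sep, user = username.rpartition("\\")
    # "CORP\" has no user part, so it is returned as-is rather than emptied.
    return user if sep and user else username


def extract_username(event, remove_leading_domain=False):
    """Return the username in an event, or None if it has no user field."""
    match = USER_FIELD.search(event)
    if match is None:
        return None
    user = match.group("user")
    return strip_leading_domain(user) if remove_leading_domain else user


def count_by_user(events, remove_leading_domain=False):
    """Count events per username, as a per-user rule or search would."""
    users = (extract_username(e, remove_leading_domain) for e in events)
    return Counter(u for u in users if u is not None)


if __name__ == "__main__":
    for setting in (False, True):
        print(setting, dict(count_by_user(SAMPLE_EVENTS, setting)))
```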