Removing leading domain names from usernames when Cisco ASA events are processed

If you want to change the way that IBM® QRadar® processes Cisco Adaptive Security Appliance (ASA) events, use the DSM Editor to remove leading domain names from usernames.

By default, Cisco ASA events include leading domain names in usernames.

Procedure

  1. On the Admin tab, in the Data Sources section, click DSM Editor.
  2. From the Select Log Source Type window, select Cisco Adaptive Security Appliance (ASA) from the list, and then click Select.
  3. Click the Configuration tab, and then set Display DSM Parameters Configuration to on.
  4. From the Event Collector list, select the event collector for the log source.
  5. Set Remove leading domain name from username to on.
  6. Click Save and then close the DSM Editor.