The Fidelis XPS DSM for IBM® QRadar® accepts events that are forwarded in Log Event Extended Format (LEEF) from Fidelis XPS appliances by using syslog.
QRadar can collect all relevant alerts that are triggered by policy and rule violations that are configured on your Fidelis XPS appliance.
Event type format
Fidelis XPS must be configured to generate events in Log Event Extended Format (LEEF) and forward these events by using syslog. A LEEF event consists of a pipe ( | ) delimited header, followed by tab-separated key=value fields in the event payload.
If the syslog events forwarded from your Fidelis XPS are not formatted in LEEF format, you must examine your device configuration or software version to ensure that your appliance supports LEEF. Properly formatted LEEF event messages are automatically discovered and added as a log source to QRadar.
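The following Python parser is an added illustration of the event format described above (pipe-delimited LEEF header, tab-separated payload fields) and of the check for non-LEEF syslog lines; it is not IBM or Fidelis code. It assumes the LEEF 1.0 layout (tab as the field separator) and uses constructed sample events, not real Fidelis XPS output.

```python
import re
from typing import Dict, Optional

# Constructed sample, not a real Fidelis XPS event: a syslog line carrying a
# LEEF 1.0 payload (pipe-delimited header, tab-separated key=value fields).
SAMPLE_LEEF = (
    "<13>Mar 10 12:34:56 xps-sensor "
    "LEEF:1.0|Fidelis|XPS|7.0|AlertTriggered|"
    "devTime=Mar 10 2020 12:34:56\tsrc=10.0.0.5\tdst=192.0.2.9\t"
    "policy=Example Policy\trule=Example Rule\tseverity=High"
)

# Constructed line from the same sensor that is NOT in LEEF format: the case
# where the text says to examine the device configuration or software version.
SAMPLE_PLAIN = "<13>Mar 10 12:34:56 xps-sensor alert: policy violation src=10.0.0.5"

# LEEF 1.0 header: LEEF:<version>|<vendor>|<product>|<product version>|<event id>|<payload>
HEADER_RE = re.compile(
    r"LEEF:(?P<ver>[^|]+)\|(?P<vendor>[^|]*)\|(?P<product>[^|]*)\|"
    r"(?P<version>[^|]*)\|(?P<event_id>[^|]*)\|(?P<payload>.*)$"
)


def parse_leef(line: str) -> Optional[Dict[str, object]]:
    """Return the header fields and payload attributes of a LEEF syslog line,
    or None when the line carries no LEEF header (so a collector can flag
    a source that is not forwarding in LEEF)."""
    m = HEADER_RE.search(line)
    if not m:
        return None
    attrs: Dict[str, str] = {}
    # Payload fields are tab-separated key=value pairs; values may contain spaces.
    for field in m.group("payload").split("\t"):
        key, sep, value = field.partition("=")
        if sep:
            attrs[key] = value
    return {
        "leef_version": m.group("ver"),
        "vendor": m.group("vendor"),
        "product": m.group("product"),
        "product_version": m.group("version"),
        "event_id": m.group("event_id"),
        "attributes": attrs,
    }


def count_non_leef(lines) -> int:
    """Number of forwarded lines that would not be auto-discovered as LEEF."""
    return sum(1 for line in lines if parse_leef(line) is None)
```

Running count_non_leef over a captured batch of syslog lines from the appliance gives a quick indication of whether the forwarding configuration is actually producing LEEF.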