Forcepoint V-Series Data Security Suite sample event message
Use this sample event message to verify a successful integration with IBM QRadar.
Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.
Forcepoint V-Series Data Security Suite sample message when you use the Syslog protocol
The following sample event message shows that a protected cloud app request was forwarded.
<159>Jul 21 14:38:55 forcepoint.vseries.test LEEF:1.0|Forcepoint|Security|8.5.0|transaction:permitted|sev=1 cat=147 usrName=- loginID=- src=10.104.165.142 srcPort=54983 srcBytes=1773 dstBytes=1819 dst=172.16.9.3 dstPort=443 proxyStatus-code=200 serverStatus-code=200 duration=152 method=POST disposition=1069 contentType=text/xml; charset\=UTF-8 reason=- policy=- role=8 userAgent=Google Update/1.3.35.452;winhttp;cup-ecdsa url=https://update.domain.test/service/update2?cup2key\=10:1538947168&cup2hreq\=c1111111ce111111111111e1a111c1111d1ca111f11a1cf1efbb11b1111111a1 logRecordSource=OnPrem
| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | The Event ID is mapped from the disposition value of 1069. |
| Event Category | The Event Category is mapped from the cat value of 147. |
| Source IP | 10.104.165.142 |
| Source Port | 54983 |
| Destination IP | 172.16.9.3 |
| Destination Port | 443 |
| Severity | 1 |
| Device Time | Jul 21 14:38:55 |
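The following Python parser is an added example and is not part of the IBM or Forcepoint documentation. It parses the sample event above (embedded as a constructed one-line string), handles the two details that trip up naive key=value splitting in this payload (values containing spaces such as contentType and userAgent, and the `\=` escape inside the url query string), and then applies the mapping from the table above to produce the QRadar fields.

```python
import re
from typing import Dict, Optional

# Constructed input: the page's Forcepoint LEEF event as one line with no CR/LF.
SAMPLE = (
    "<159>Jul 21 14:38:55 forcepoint.vseries.test LEEF:1.0|Forcepoint|Security|8.5.0|"
    "transaction:permitted|sev=1 cat=147 usrName=- loginID=- src=10.104.165.142 "
    "srcPort=54983 srcBytes=1773 dstBytes=1819 dst=172.16.9.3 dstPort=443 "
    "proxyStatus-code=200 serverStatus-code=200 duration=152 method=POST "
    "disposition=1069 contentType=text/xml; charset\\=UTF-8 reason=- policy=- role=8 "
    "userAgent=Google Update/1.3.35.452;winhttp;cup-ecdsa url=https://update.domain.test/"
    "service/update2?cup2key\\=10:1538947168&cup2hreq\\=c1111111ce111111111111e1a111c1111d1ca111f11a1cf1efbb11b1111111a1 "
    "logRecordSource=OnPrem"
)

SYSLOG_RE = re.compile(r"^<(\d{1,3})>(\w{3} {1,2}\d{1,2} \d\d:\d\d:\d\d) (\S+) (LEEF:.*)$")
KEY_RE = re.compile(r"^([\w-]+)=(.*)$")  # only an unescaped '=' starts a new attribute
# QRadar field name -> LEEF attribute, as in the table on this page.
QRADAR_MAP = {"Event ID": "disposition", "Event Category": "cat", "Source IP": "src",
              "Source Port": "srcPort", "Destination IP": "dst",
              "Destination Port": "dstPort", "Severity": "sev", "Device Time": "devtime"}

def parse_leef(line: str) -> Optional[Dict[str, str]]:
    """Parse a syslog-wrapped LEEF 1.0 line into header fields plus attributes.
    Values may contain spaces (contentType, userAgent) and '=' escaped as '\\=' (the
    url query string), so a token continues the previous value unless it starts with
    an unescaped key= prefix. Returns None for a malformed line."""
    m = SYSLOG_RE.match(line.replace("\r", "").replace("\n", ""))  # as the note above advises
    if not m:
        return None
    pri, devtime, host, rest = m.groups()
    parts = rest.split("|", 5)  # LEEF:1.0|Vendor|Product|Version|EventID|attributes
    if len(parts) != 6 or parts[0] != "LEEF:1.0":
        return None
    event = {"priority": pri, "devtime": devtime, "host": host, "vendor": parts[1],
             "product": parts[2], "version": parts[3], "leef_event_id": parts[4]}
    key = None
    for tok in parts[5].split(" "):
        km = KEY_RE.match(tok)
        if km:
            key, event[key] = km.group(1), km.group(2)
        elif key is not None:
            event[key] += " " + tok  # continuation of a value that contains spaces
    return {k: v.replace("\\=", "=") for k, v in event.items()}

def to_qradar(event: Dict[str, str]) -> Dict[str, str]:
    """Project a parsed event onto the QRadar fields listed on this page ('-' if absent)."""
    return {name: event.get(attr, "-") for name, attr in QRADAR_MAP.items()}
```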