Creation of an event map for McAfee Web Gateway events
Event mapping is needed for events that are collected from McAfee Web Gateway v7.0.0 and later, which are identified as Unknown and not covered by the base QID map.
You can individually map each event for your device to an event category in IBM QRadar. Mapping events allows QRadar to identify, coalesce, and track recurring events from your network devices. Until you map an event, some events that are displayed in the Log Activity tab for McAfee Web Gateway are categorized as Unknown, and some events might be already assigned to an existing QID map. Unknown events are easily identified as the Event Name column and Low Level Category columns display Unknown.