Discovering unknown events

To ensure that you map all event types and that you do not miss events that are not generated frequently, repeat this procedure several times over a period of time.

Procedure

  1. Log in to QRadar.
  2. Click the Log Activity tab.
  3. Click Add Filter.
  4. From the first list, select Log Source.
  5. From the Log Source Group list, select the log source group or Other.

    Log sources that are not assigned to a group are categorized as Other.

  6. From the Log Source list, select your McAfee Web Gateway log source.
  7. Click Add Filter.

    The Log Activity tab is displayed with a filter for your log source.

  8. From the View list, select Last Hour.

    Any events that are generated by the McAfee Web Gateway DSM in the last hour are displayed. Events that are displayed as Unknown in the Event Name column or Low Level Category column require event mapping.

    Note: You can save your existing search filter by clicking Save Criteria.

    You are now ready to modify the event map.
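
Because the procedure is repeated over a period, it helps to merge the results of each run so that an event seen only once is not lost. The following is an added example, not part of the original QRadar documentation. It assumes each run's filtered results are available as CSV text with the Event Name and Low Level Category column headers; the `extra_column` parameter and the "Sample ID" column are hypothetical.

```python
import csv
import io
from collections import Counter

# Column headers as named in step 8; that an export of the filtered view
# uses exactly these headers is an assumption.
EVENT_NAME = "Event Name"
LOW_LEVEL_CATEGORY = "Low Level Category"

def needs_mapping(row):
    """True if either column displays Unknown for this event."""
    return any(
        (row.get(col) or "").strip().lower() == "unknown"
        for col in (EVENT_NAME, LOW_LEVEL_CATEGORY)
    )

def unmapped_across_runs(exports, extra_column=None):
    """Merge one CSV export per run of the procedure.

    extra_column (hypothetical) names a column that tells event types
    apart when both standard columns read Unknown.
    Returns {key: (event count, number of runs the key appeared in)}.
    """
    columns = [EVENT_NAME, LOW_LEVEL_CATEGORY]
    if extra_column:
        columns.append(extra_column)
    totals, runs = Counter(), Counter()
    for text in exports:
        seen = set()  # keys seen in this run, counted once per run
        for row in csv.DictReader(io.StringIO(text)):
            if needs_mapping(row):
                key = tuple((row.get(c) or "").strip() for c in columns)
                totals[key] += 1
                seen.add(key)
        runs.update(seen)
    return {key: (totals[key], runs[key]) for key in totals}

# Constructed sample exports: two runs of the Last Hour view.
HEADER = "Event Name,Low Level Category,Sample ID\n"
RUN_1 = HEADER + "Unknown,Unknown,A\nUnknown,Unknown,A\nSample Mapped Event,Sample Category,B\n"
RUN_2 = HEADER + "Unknown,Unknown,A\nSample Parsed Event,Unknown,C\n"

if __name__ == "__main__":
    for key, (count, runs) in unmapped_across_runs([RUN_1, RUN_2], "Sample ID").items():
        print(key, "events:", count, "runs:", runs)
```

A key that appears in only one run is the kind of infrequent event that a single pass of the procedure can miss.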