Supported Honeycomb FIM event types logged by QRadar
The Honeycomb FIM DSM for IBM QRadar can collect events from several event categories.
Each event category contains low-level events that describe the action that is taken within the event category. For example, file rename events might have a low-level category of either file rename successful or file rename failed.
The following list defines the event categories that are collected by QRadar for Honeycomb file integrity events:
- Baseline events
- Open file events
- Create file events
- Rename file events
- Modify file events
- Delete file events
- Move file events
- File attribute change events
- File ownership change events
QRadar can also collect Windows and other log files that are forwarded from Honeycomb Lexicon. However, any event that is not a file integrity event might require special processing by a custom log source type or a log source extension in QRadar.