IBM Security Verify sample event messages

Use these sample event messages to verify a successful integration with IBM QRadar.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

IBM Security Verify sample messages when you use the IBM Security Verify Event Service protocol

The following table describes the sample event messages for the IBM® Security Verify Event Service protocol.

Table 1. Sample event messages for the IBM Security Verify DSM Event Service protocol
Event name Low-level category Sample log message
Created IP Client Success Create activity succeeded
{
  "geoip": {
    "continent_name": "North America",
    "as_org": "AMAZON-02",
    "city_name": "Saint John",
    "country_iso_code": "CAN",
    "ip": "10.11.111.111",
    "country_name": "Canada",
    "region_name": "New Brunswick",
    "location": {
      "lon": "-65.860879",
      "lat": "44.972686"
    },
    "asn": 11111
  },
  "data": {
    "result": "success",
    "api_grant_type": "authorization_code",
    "clientid": "aaaa1111-5cc7-45d9-b8ad-bbbb2222",
    "performedby": "123400SAAA",
    "performedby_type": "user",
    "resource": "api_client",
    "origin": "10.0.4.1",
    "performedby_username": "username@ca.example.com",
    "action": "created",
    "devicetype": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0",
    "performedby_realm": "www.example.com",
    "target": "Sample app"
  },
  "year": 2024,
  "event_type": "management",
  "month": 1,
  "indexed_at": 1705605751362,
  "tenantid": "88465b1f-e4c2-4e7e-b03e-421c03301806",
  "tenantname": "username.verify.example.com",
  "correlationid": "CORR_ID-AK22a0103e-9ef9-4273-8947-aab0a5d85271",
  "servicename": "apisecurity",
  "id": "ssss3333-aa44-ff44-83e3-aaaaaa222222",
  "time": 1705605751055,
  "day": 18
}
SSO Login Success User login success
{
  "geoip": {
    "continent_name": "North America",
    "as_org": "AMAZON-02",
    "city_name": "Saint John",
    "country_iso_code": "Canada",
    "country_iso_code": "CAN",
    "ip": "10.11.111.111",
    "country_name": "Canada",
    "region_name": "New Brunswick",
    "location": {
      "lon": "-65.860879",
      "lat": "44.972686"
    },
    "asn": 11111
  },
  "data": {
    "result": "success",
    "subtype": "saml",
    "providerid": "example.com",
    "origin": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff",
    "realm": "cloudIdentityRealm",
    "samlassertion": "1111111111111111",
    "applicationid": "2222222222222222222",
    "userid": "333B3B33BB",
    "applicationtype": "Box",
    "devicetype": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0",
    "username": "username",
    "applicationname": "SMGAdaptiveAccessBox"
  },
  "year": 2023,
  "event_type": "sso",
  "month": 7,
  "indexed_at": 1689692204024,
  "tenantid": "3cc33c3-3c33-3c33-c3c3-33c33ccc3c3",
  "tenantname": "name.ite1.idng.example.com",
  "correlationid": "CORR_ID-DD44d44d44-444d-44d4-d444-444dd4444fd4",
  "servicename": "saml_runtime",
  "id": "5e55e5e5-e555-555-555-5e55e5e5e55e",
  "time": 1689692192869,
  "day": 18
}
MFA Login Success User login success
{
  "geoip": {
    "continent_name": "North America",
    "as_org": "AMAZON-02",
    "city_name": "Saint John",
    "country_iso_code": "Canada",
    "country_iso_code": "CAN",
    "ip": "10.11.111.111",
    "country_name": "Canada",
    "region_name": "New Brunswick",
    "location": {
      "lon": "-65.860879",
      "lat": "44.972686"
    },
    "asn": 11111
  },
  "data": {
    "result": "success",
    "mfamethod": "Voice OTP",
    "subtype": "mfa",
    "subject": "503R3T76MX",
    "origin": "2001:DB8:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF",
    "realm": "cloudIdentityRealm",
    "sourcetype": "clouddirectory",
    "mfadevice": "22222222222",
    "devicetype": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0",
    "username": "bbbbbbb",
    "target": "https://tenantname.ite1.idng.example.com/saml/sps/auth?stateid=a1a1a1a1-a1a1-a1a1-a1a1-a1a1a1a1a1"
  },
  "year": 2023,
  "event_type": "authentication",
  "month": 7,
  "indexed_at": 1689692204022,
  "tenantid": "3ccc333c3-3c33-3c33-c3c3-333c33ccc3c3",
  "tenantname": "tenantname.ite1.idng.example.com",
  "correlationid": "CORR_ID-DD4d24ddd44-ddd4-4444-444-d444ddd4dd4",
  "servicename": "authsvc",
  "id": "e5555555-555e-55ee-5555-5ee5e5e555e5",
  "time": 1689692191331,
  "day": 18
}