Universal LEEF event map creation
Event mapping is required for the Universal LEEF DSM, because Universal LEEF events do not contain a predefined QRadar Identifier (QID) map to categorize security events.
Members of the SIPP Partner Program have QID maps designed for their network devices; the configuration is documented, and the QID maps are tested by IBM® Corp.
The Universal LEEF DSM requires that you individually map each event for your device to an event category in IBM QRadar. Mapping events allows QRadar to identify, coalesce, and track events that recur from your network devices. Until you map an event, all events that are displayed in the Log Activity tab for the Universal LEEF DSM are categorized as unknown. Unknown events are easy to identify because the Event Name and Low-Level Category columns both display Unknown.
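Because every event has to be mapped individually, it helps to know up front which distinct events a device emits. The following is an added example, not IBM code: it reads the event ID from the LEEF header of each sample log line and counts the distinct vendor, product and event ID combinations that would need a mapping. The header layout `LEEF:version|Vendor|Product|Version|EventID|` comes from the LEEF format rather than from this page, and the sample lines and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample lines (not from the page); LEEF 1.0 attributes are tab-separated.
SAMPLE_LOG = "\n".join([
    "<13>Jan 18 11:07:53 192.0.2.10 LEEF:1.0|ExampleCorp|Gateway|1.0|LOGIN_FAIL|src=192.0.2.55\tusrName=alice",
    "<13>Jan 18 11:07:59 192.0.2.10 LEEF:1.0|ExampleCorp|Gateway|1.0|LOGIN_FAIL|src=192.0.2.55\tusrName=alice",
    "<13>Jan 18 11:08:02 192.0.2.10 LEEF:1.0|ExampleCorp|Gateway|1.0|LOGIN_OK|src=192.0.2.55\tusrName=alice",
    "<13>Jan 18 11:09:40 192.0.2.10 LEEF:2.0|ExampleCorp|Gateway|1.0|CONFIG_CHANGE|^|usrName=admin^object=policy",
    "<13>Jan 18 11:10:01 192.0.2.10 LEEF:1.0|ExampleCorp|Gateway",  # truncated header
    "<13>Jan 18 11:10:05 192.0.2.10 sshd[411]: session opened",      # not LEEF
])

def parse_leef_header(line):
    """Return (vendor, product, version, event_id), or None if the line
    has no complete LEEF 1.0/2.0 header."""
    start = line.find("LEEF:")          # skip any syslog header in front
    if start < 0:
        return None
    parts = line[start:].split("|", 5)  # header fields, then the attribute payload
    if len(parts) < 5 or parts[0][len("LEEF:"):] not in ("1.0", "2.0"):
        return None
    vendor, product, version, event_id = (p.strip() for p in parts[1:5])
    if not event_id:                    # an empty event ID cannot be mapped
        return None
    return vendor, product, version, event_id

def mapping_worklist(log_text):
    """Count distinct (vendor, product, event_id) tuples, most frequent first,
    and report how many non-empty lines could not be parsed."""
    counts, rejected = Counter(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        header = parse_leef_header(line)
        if header is None:
            rejected += 1
            continue
        vendor, product, _version, event_id = header
        counts[(vendor, product, event_id)] += 1
    return counts.most_common(), rejected

if __name__ == "__main__":
    worklist, rejected = mapping_worklist(SAMPLE_LOG)
    for (vendor, product, event_id), seen in worklist:
        print(f"{seen:5d}  {vendor}/{product}  {event_id}")
    print(f"{rejected} line(s) had no usable LEEF header")
```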