Juniper Mist sample event message
Use these sample event messages to verify a successful integration with IBM QRadar.
Important: Due to formatting issues, paste the message format into a text editor and
then remove any carriage return or line feed characters.
Events
The following sample event message shows sample logs collected from Juniper Mist.
Sample 1
{ "topic": "alarms", "events": [ { "aps": [ "5c5b35xxxxxx" ], "bssids": [ "00024axxxxxx", "5c5b3xxxxxx"], "count": 16, "id": "95193bda-1fef-4ea6-xxxx-xxxxxxxxxxxx", "last_seen": 1549068720, "ssids": [ "qwerty", "A-Dot", "xfinity", "alpha" ], "timestamp": 1549068202, "type": "rogue-ap-detected", "update": true, "org_id": "2818e386-8dec-2562-xxxx-xxxxxxxxxxxx", "site_id": "4ac1dcf4-9d8b-7211-xxxx-xxxxxxxxxxxx" } ] }

| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | type |
| Device Time | last_seen |
Sample 2
{ "topic": "audits", "events": [ { "admin_name": "john doe john.doe@juniper.net", "device_id": "00000000-0000-0000-1000-5c5b35xxxxxx", "id": "8e00dd48-b918-4d9b-xxxx-xxxxxxxxxxxx", "message": "Update Device \"Reception\"", "org_id": "2818e386-8dec-2562-xxxx-xxxxxxxxxxx", "site_id": "4ac1dcf4-9d8b-7211-xxxx-xxxxxxxxxxxx", "src_ip": "10.10.10.10", "timestamp": 1549047906.201053 } ] }

| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | message (the text before the first \"; in this sample, Update Device) |
| Source IP | src_ip |
| Username | admin_name |
| Device Time | timestamp |
Sample 3
{ "topic": "client-join", "events": [ { "ap": "5c:5b:35:0e:55:c8", "ap_name": "AP43 Test", "band": "5", "bssid": "5c5b35dfxxxx", "connect": 1592333828, "connect_float": 1592333828.324, "mac": "ac:23:16:ec:a7:0a", "org_id": "6748cfa6-4e12-11e6-xxxx-xxxxxxxxxxx", "rssi": -54, "site_id": "d761985e-49b1-4506-xxxx-xxxxxxxxxxx", "site_name": "Test", "ssid": "Mist", "timestamp": 1592333828, "version": 2, "wlan_id": "6c0c0b07-0d77-44d1-xxxx-xxxxxxxxxxxx" } ] }

| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | client_join_ap |
| Source MAC | mac |
| Destination MAC | ap |
| Device Time | timestamp |
Sample 4
{"topic":"client-sessions","events":[{"ap":"5c:5b:35:0e:55:c8","ap_name":"AP43 Test","band":"5","bssid":"5c5b352bxxxx","client_family":"iPhone","client_manufacture":"Apple","client_model":"8+","client_os":"13.4.1","connect":1592333548,"connect_float":1592333548.117,"disconnect":1592333828,"disconnect_float":1592333828.589,"duration":279.835049793,"mac":"ac:23:16:ec:a7:0a","next_ap":"5c5b35d0xxxx","org_id":"6748cfa6-4e12-11e6-xxxx-xxxxxxxxxxxx","rssi":-87,"site_id":"d761985e-49b1-4506-xxxx-xxxxxxxxxxx","site_name":"Test","ssid":"Mist","termination_reason":3,"timestamp":1592333828,"version":2,"wlan_id":"6c0c0b07-0d77-44d1-xxxx-xxxxxxxxxxxx"}]}

| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | client_session_roamed (topic + termination_reason : 3 (roamed)) |
| Source MAC | mac |
| Destination MAC | ap |
| Device Time | timestamp |
Sample 5
{"topic":"device-events","events":[{"audit_id":"a8ec4d8a-4da6-4ead-xxxx-xxxxxxxxxxx","ap":"5c:5b:35:0e:55:c8","ap_name":"AP41 Near Lab","device_name":"AP41 Near Lab","device_type":"ap/switch/gateway","ev_type":"NOTICE","mac":"ac:23:16:ec:a7:0a","org_id":"2818e386-8dec-2562-xxxx-xxxxxxxxxxxx","reason":"power_cycle","site_id":"4ac1dcf4-9d8b-7211-xxxx-xxxxxxxxxxxx","site_name":"Site 1","text":"event details","timestamp":1461220784,"type":"AP_RESTARTED"}]}

| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | type |
| Source MAC | mac |
| Destination MAC | ap |
| Device Time | timestamp |
Sample 6
{"topic":"device-updowns","events":[{"org_id":"2818e386-8dec-2562-xxxx-xxxxxxxxxxxx","site_id":"4ac1dcf4-9d8b-7211-xxxx-xxxxxxxxxxxx","type":"AP_RESTARTED","ap":"5c:5b:35:0e:55:c8","ap_name":"AP01","site_name":"Site1","timestamp":1461220784}]}

| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | type |
| Source MAC | ap |
| Device Time | timestamp |
Sample 7
{"topic":"guest-authorizations","events":[{"ap":"5c:5b:35:0e:55:c8","auth_method":"passphrase","authorized_expiring_time":1677076639,"authorized_time":1677076519,"carrier":"docomo","client":"ac:23:16:ec:a7:0a","company":"MIST","email":"abcd@abcd.com","field1":"field1 value","field2":"field2 value","field3":"field3 value","field4":"field4 value","mobile":"+0123456789","name":"Dr Strange","org_id":"1688605f-916a-47a1-xxxx-xxxxxxxxxxxx","site_id":"ec3b5624-73f1-4ed3-xxxx-xxxxxxxxxxxx","sms_gateway":"Telstra","sponsor_email":"sponsor@gmail.com","ssid":"Portal Auth","wlan_id":"7681be9a-044a-4622-xxxx-xxxxxxxxxxxx"}]}

| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | guest_authorization_passphrase (topic + auth_method) |
| Source MAC | client |
| Destination MAC | ap |
| Username | name |
| Device Time | authorized_time |
Sample 8
{"topic":"mxedge-events","events":[{"audit_id":"03a65fa8-f74b-4c82-xxxx-xxxxxxxxxxxx","mxcluster_id":"27558fe2-a0e5-4236-xxxx-xxxxxxxxxxxx","mxedge_id":"00000000-0000-0000-1000-xxxxxxxxxxxx","mxedge_name":"ME1","org_id":"dfb3a656-2a21-4ea5-xxxx-xxxxxxxxxxxx","timestamp":"1692974834.308884","type":"ME_CONFIG_CHANGED_BY_USER"}]}

| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | type |
| Device Time | timestamp |
Sample 9
{"topic":"location","events":[{"site_id":"4ac1dcf4-9d8b-7211-xxxx-xxxxxxxxxxxx","map_id":"845a23bf-bed9-e43c-xxxx-xxxxxxxxxxxx","x":13.5,"y":3.2,"timestamp":1461220784,"type":"sdk","id":"de87bf9d-183f-e383-xxxx-xxxxxxxxxxxx","name":"optional"}]}

| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | location_sdk (topic + type) |
| Source MAC | mac (this sample payload does not include a mac field) |
| Device Time | timestamp |
Sample 10
{"topic":"occupancy-alerts","events":[{"alert_events":[{"current_occupancy":10,"map_id":"f5d26c7f-1670-4921-xxxx-xxxxxxxxxxxx","occupancy_limit":5,"org_id":"6748cfa6-4e12-11e6-xxxx-xxxxxxxxxxxx","timestamp":1594861457,"type":"COMPLIANCE-VIOLATION","zone_id":"b83312a7-7269-4ae1-xxxx-xxxxxxxxxxxx","zone_name":"PLM and Leadership"},{"current_occupancy":20,"map_id":"f5d26c7f-1670-4921-xxxx-xxxxxxxxxxxx","occupancy_limit":10,"org_id":"6748cfa6-4e12-11e6-xxxx-xxxxxxxxxxxx","timestamp":1594861457,"type":"COMPLIANCE-VIOLATION","zone_id":"80acf542-e863-43cf-xxxx-xxxxxxxxxxxx","zone_name":"CSQA"},{"current_occupancy":9,"map_id":"f5d26c7f-1670-4921-xxxx-xxxxxxxxxxxx","occupancy_limit":4,"org_id":"6748cfa6-4e12-11e6-xxxx-xxxxxxxxxxxx","timestamp":1594861457,"type":"COMPLIANCE-VIOLATION","zone_id":"a4c7a7c2-880e-4a0e-xxxx-xxxxxxxxxxxx","zone_name":"Marketing & Sales Ops"}],"site_id":"67970e46-4e12-11e6-xxxx-xxxxxxxxxxxx","site_name":"MIST OFFICE"}]}

| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | type |
| Device Time | timestamp |
Note: The occupancy-alerts sample event generates three different QRadar events, one for each entry in the alert_events array.
Sample 11
{"topic":"rssizone","events":[{"mac":"ac:23:16:ec:a7:0a","map_id":"f5d26c7f-1670-4921-xxxx-xxxxxxxxxxxx","rssizone_id":"e38f8e76-40db-4144-xxxx-xxxxxxxxxxxx","site_id":"f5fcbee5-fbca-45b3-xxxx-xxxxxxxxxxxx","timestamp":1694158990.986472,"trigger":"enter","type":"wifi"}]}

| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | rssizone_enter_wifi (topic + trigger + type) |
| Source MAC | mac |
| Device Time | timestamp |
Sample 12
{"events":[{"connection_ap":"5c:5b:35:0e:55:c8","connection_band":"2.4","connection_bssid":"5c5b35xxxxxx","connection_channel":11,"connection_rssi":-87,"last_seen":1592333828,"mac":"ac:23:16:ec:a7:0a","scan_data":[{"ap":"5c5b35xxxxxx","band":"2.4","bssid":"5c5b35xxxxxx","channel":11,"rssi":-87,"ssid":"mist-wifi","timestamp":1592333828},{"ap":"5c5b35xxxxxx","band":"5","bssid":"5c5b35xxxxxx","channel":36,"rssi":-75,"ssid":"mist-wifi","timestamp":1592333828}],"site_id":"d761985e-49b1-4506-xxxx-xxxxxxxxxxxx"}],"topic":"sdkclient-scan-data"}

| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | topic |
| Source MAC | mac |
| Destination MAC | connection_ap |
| Device Time | last_seen |
Sample 13
{"topic":"vbeacon","events":[{"mac":"ac:23:16:ec:a7:0a","map_id":"5a8b84e6-cc7b-xxxx-xxxxxxxxxxxx","site_id":"f5fcbee5-fbca-45b3-xxxx-xxxxxxxxxxxx","timestamp":1694166602.662786,"trigger":"enter","type":"wifi","vbeacon_id":"ca301fd7-07af-4d42-xxxx-xxxxxxxxxxxx"}]}

| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | virtual_beacon_enter_wifi (virtual_beacon + trigger + type) |
| Source MAC | mac |
| Device Time | timestamp |
Sample 14
{"topic":"zone","events":[{"mac":"ac:23:16:ec:a7:0a","map_id":"5a8b84e6-cc7b-xxxx-xxxxxxxxxxxx","site_id":"f5fcbee5-fbca-45b3-xxxx-xxxxxxxxxxxx","timestamp":1694166602.662786,"trigger":"exit","type":"wifi","zone_id":"b83312a7-7269-4ae1-xxxx-xxxxxxxxxxxx "}]}

| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | zone_exit_wifi (topic + trigger + type) |
| Source MAC | mac |
| Device Time | timestamp |