Microsoft Security Event Log over MSRPC log source parameters for Microsoft Windows Security Event Log
If QRadar® does not automatically detect the log source, add a Microsoft Windows Security Event Log log source on the QRadar Console by using the Microsoft Security Event Log over MSRPC protocol.
When using the Microsoft Security Event Log over MSRPC protocol, there are specific parameters that you must use.
The following table describes the parameters that require specific values to collect Microsoft Security Event Log over MSRPC events from Microsoft Windows Security Event Log:
| Parameter | Value |
|---|---|
| Log Source type | Microsoft Windows Security Event Log |
| Protocol Configuration | Microsoft Security Event Log over MSRPC |
| Log Source Identifier |
Type the IP address or host name for the log source as an identifier for events from your Microsoft Windows Security Event Log devices. |
For a complete list of Microsoft Security Event Log over MSRPC protocol parameters and their values, see Microsoft Security Event Log over MSRPC Protocol.