Arbor Networks Pravail sample event message
Use this sample event message to verify a successful integration with IBM QRadar.
Important: Due to formatting issues, paste the message format into a text editor and
then remove any carriage return or line feed characters.
Arbor Networks Pravail sample message when you use the Syslog protocol
The following sample event message shows that malformed SIP traffic is blocked.
<25>May 15 17:17:31 arbornetworks.pravail.test arbor-networks-aps: Blocked Host: Blocked host 192.168.124.175 at 05:16 by Block Malformed SIP Traffic using UDP/5060 (SIP) destination 192.168.161.35 source port 5060,URL: https://arbornetworks.pravail.test/summary/
QRadar field name | Highlighted values in the event payload |
---|---|
Event ID | Block Malformed SIP Traffic |
Event Category | Blocked Host |
Source IP | 192.168.124.175 |
Source Port | 5060 |
Destination IP | 192.168.161.35 |
Destination Port | 5060 |
Device Time | May 15 17:17:31 |
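
To check the mapping above outside QRadar, the following added example (not IBM's or Arbor's code, and not the DSM's parsing logic) strips the stray line breaks described in the Important note and extracts the table's fields from the sample payload. The regular expression, the `parse_event` name, and the reading of `UDP/5060` as the destination port are assumptions based only on this one sample.

```python
import re

# Sample payload from this page. The CR/LF breaks are constructed to mimic
# the copy/paste damage that the Important note says must be removed.
SAMPLE = (
    "<25>May 15 17:17:31 arbornetworks.pravail.test arbor-networks-aps: "
    "Blocked Host: Blocked host 192.168.124.175 at 05:16 by Block Malformed \r\n"
    "SIP Traffic using UDP/5060 (SIP) destination 192.168.161.35 source port \n"
    "5060,URL: https://arbornetworks.pravail.test/summary/"
)

# Assumed layout, derived only from the single "Blocked Host" sample above.
EVENT_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<device_time>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) arbor-networks-aps: "
    r"(?P<category>[^:]+): Blocked host (?P<src_ip>\S+) at \d{2}:\d{2} "
    r"by (?P<event_id>.+?) using (?P<proto>[A-Za-z]+)/(?P<dst_port>\d+) "
    r"\([^)]*\) destination (?P<dst_ip>\S+) "
    r"source port (?P<src_port>\d+),URL: (?P<url>\S+)$"
)


def parse_event(raw: str) -> dict:
    """Return the QRadar fields from the table for one Pravail syslog line."""
    # Remove carriage returns and line feeds before matching.
    line = raw.replace("\r", "").replace("\n", "").strip()
    m = EVENT_RE.match(line)
    if m is None:
        raise ValueError("payload does not match the sample Blocked Host layout")
    return {
        "Event ID": m["event_id"],
        "Event Category": m["category"],
        "Source IP": m["src_ip"],
        "Source Port": int(m["src_port"]),
        "Destination IP": m["dst_ip"],
        # Assumption: the port in "UDP/5060" is the destination port.
        "Destination Port": int(m["dst_port"]),
        "Device Time": m["device_time"],
    }


if __name__ == "__main__":
    for field, value in parse_event(SAMPLE).items():
        print(f"{field}: {value}")
```

A `ValueError` here usually means a line break landed in the middle of a token or the event is a different type than the one shown on this page.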