Arbor Networks Pravail sample event message
Use this sample event message to verify a successful integration with IBM® QRadar®.
Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.
Arbor Networks Pravail sample message when you use the Syslog protocol
The following sample event message shows that malformed SIP traffic is blocked.
<25>May 15 17:17:31 arbornetworks.pravail.test arbor-networks-aps: Blocked Host: Blocked host 192.168.124.175 at 05:16 by Block Malformed SIP Traffic using UDP/5060 (SIP) destination 192.168.161.35 source port 5060,URL: https://arbornetworks.pravail.test/summary/
|QRadar field name|Highlighted values in the event payload|
|---|---|
|Event ID|Block Malformed SIP Traffic|
|Event Category|Blocked Host|
|Device Time|May 15 17:17:31|
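To check a pasted copy of the sample before sending it to QRadar, the following Python script (an added example, not IBM's DSM logic or code from this page) removes the CR/LF characters mentioned above and extracts the three fields in the table. The regular expression is an assumption derived from this single sample, and the function names are hypothetical.

```python
import re

# Sample payload from this page, with line breaks inserted (constructed) to
# imitate what copy/paste from rendered documentation can introduce.
PASTED = (
    "<25>May 15 17:17:31 arbornetworks.pravail.test arbor-networks-aps: "
    "Blocked Host: Blocked host 192.168.124.175 at 05:16 by Block Malformed\r\n"
    " SIP Traffic using UDP/5060 (SIP) destination 192.168.161.35 source port"
    "\n 5060,URL: https://arbornetworks.pravail.test/summary/"
)

# Expected values, taken from the field table on this page.
EXPECTED = {
    "event_id": "Block Malformed SIP Traffic",
    "event_category": "Blocked Host",
    "device_time": "May 15 17:17:31",
}

# Assumption: layout inferred from the one sample message above; other
# Pravail event types may use a different message body.
EVENT_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<device_time>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) arbor-networks-aps: "
    r"(?P<event_category>[^:]+): "
    r"Blocked host (?P<blocked_host>\S+) at (?P<at>\d{2}:\d{2}) "
    r"by (?P<event_id>.+?) using (?P<proto>[A-Z]+)/(?P<port>\d+)"
)

def normalize(raw: str) -> str:
    """Remove carriage return and line feed characters from a pasted payload."""
    return raw.replace("\r", "").replace("\n", "")

def parse_event(raw: str) -> dict:
    """Normalize the payload and return its fields; raise if the layout differs."""
    m = EVENT_RE.match(normalize(raw))
    if m is None:
        raise ValueError("payload does not match the expected Pravail layout")
    fields = m.groupdict()
    pri = int(fields.pop("pri"))
    # Syslog PRI = facility * 8 + severity
    fields["facility"], fields["severity"] = pri >> 3, pri & 0x07
    return fields

def verify(raw: str) -> list:
    """Return the names of table fields whose extracted value is wrong."""
    got = parse_event(raw)
    return [name for name, want in EXPECTED.items() if got.get(name) != want]
```

`verify(PASTED)` returns an empty list once the breaks are stripped, while `EVENT_RE.match(PASTED)` on the raw paste returns `None` because the line break falls inside the Event ID text.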