Arbor Networks Pravail sample event message

Use this sample event message to verify a successful integration with IBM QRadar.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Arbor Networks Pravail sample message when you use the Syslog protocol

The following sample event message shows that malformed SIP traffic is blocked.

<25>May 15 17:17:31 arbornetworks.pravail.test arbor-networks-aps: Blocked Host: Blocked host 192.168.124.175 at 05:16 by Block Malformed SIP Traffic using UDP/5060 (SIP) destination 192.168.161.35 source port 5060,URL: https://arbornetworks.pravail.test/summary/

Table 1. Highlighted values in the Arbor Pravail sample event

QRadar field name    Highlighted values in the event payload
Event ID             Block Malformed SIP Traffic
Event Category       Blocked Host
Source IP            192.168.124.175
Source Port          5060
Destination IP       192.168.161.35
Destination Port     5060
Device Time          May 15 17:17:31
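
To check a pasted copy of the sample before sending it to QRadar, the following added example (not IBM or Arbor Networks code) strips carriage return and line feed characters and extracts the values listed in Table 1. The pattern is inferred from the single sample message on this page, the function name `parse_pravail_event` is hypothetical, and reading `UDP/5060` as the destination port is an assumption based on Table 1.

```python
import re

# Pattern inferred from the one sample message on this page; it is an
# assumption, not a vendor format specification.
PATTERN = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<device_time>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) arbor-networks-aps: "
    r"(?P<category>[^:]+): Blocked host (?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"at \d{2}:\d{2} by (?P<event_id>.+?) using "
    # Assumption: the port after the protocol is the destination port (Table 1).
    r"(?P<proto>[A-Za-z]+)/(?P<dst_port>\d+) \([^)]*\) "
    r"destination (?P<dst_ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"source port (?P<src_port>\d+)"
)

def parse_pravail_event(raw: str) -> dict:
    """Remove CR/LF left by copy and paste, then extract the Table 1 fields."""
    line = raw.replace("\r", "").replace("\n", "")
    m = PATTERN.match(line)
    if m is None:
        raise ValueError("not a recognised Pravail 'Blocked Host' message")
    pri = int(m["pri"])  # syslog PRI = facility * 8 + severity
    return {
        "Event ID": m["event_id"],
        "Event Category": m["category"],
        "Source IP": m["src_ip"],
        "Source Port": int(m["src_port"]),
        "Destination IP": m["dst_ip"],
        "Destination Port": int(m["dst_port"]),
        "Device Time": m["device_time"],
        "syslog_facility": pri // 8,
        "syslog_severity": pri % 8,
    }

# Constructed input: the page's sample message with line breaks inserted
# to imitate a wrapped copy and paste.
PASTED = (
    "<25>May 15 17:17:31 arbornetworks.pravail.test arbor-networks-aps: "
    "Blocked Host: Blocked host 192.168.124.175 at 05:16 by Block \r\n"
    "Malformed SIP Traffic using UDP/5060 (SIP) destination 192.168.161.35 "
    "source port 5060,URL: https://arbornetworks.pravail.test/summ\nary/"
)

if __name__ == "__main__":
    for field, value in parse_pravail_event(PASTED).items():
        print(f"{field}: {value}")
```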