JDBC log source parameters for Sophos PureMessage

If QRadar does not automatically detect the log source, add a Sophos PureMessage log source on the QRadar Console by using the JDBC protocol.

When you use the JDBC protocol, you must configure specific parameters.

The following table describes the parameters that require specific values to collect JDBC events from Sophos:

Table 1. JDBC log source parameters for the Sophos PureMessage DSM

| Parameter | Value |
| --- | --- |
| Log Source type | Sophos PureMessage |
| Protocol Configuration | JDBC |
| Log Source Identifier | Type a name for the log source. The name can't contain spaces and must be unique among all log sources of the log source type that is configured to use the JDBC protocol. If the log source collects events from a single appliance that has a static IP address or host name, use the IP address or host name of the appliance as all or part of the Log Source Identifier value; for example, 192.168.1.1 or JDBC192.168.1.1. If the log source doesn't collect events from a single appliance that has a static IP address or host name, you can use any unique name for the Log Source Identifier value; for example, JDBC1, JDBC2. |
| Database Type | MSDE |
| Database Name | Type savexquar. |
| Table Name | Type siem_view as the name of the table or view that includes the event records. |
| Compare Field | Type ID. |

Note: You must refer to the database configuration settings on your Sophos PureMessage device to define the parameters that are required to configure the Sophos PureMessage DSM in QRadar.

For a complete list of JDBC protocol parameters and their values, see JDBC protocol configuration options.