IBM MaaS360 Security sample event message
Use this sample event message to verify a successful integration with IBM QRadar.
Important: Due to formatting issues, paste the message format into a text editor and
then remove any carriage return or line feed characters.
IBM MaaS360 Security sample message when you use the IBM Fiberlink REST API protocol
The following sample event message shows that a Change Policy is executed for OS versions in IBM® MaaS360® Security.
LEEF:1.0|IBM|Fiberlink MaaS360|1.0|OS Versions|cat=Change Policy - Executed usrName=test 1 devTime=2014-05-08T07:29:26Z devTimeFormat=yyyy-MM-dd&aaaa;T&aaaa;HH:mm:ss&aaaa;Z&aaaa; ruleset=1040 psr kr rule platformName=aAA deviceName=Aaaaaa&aaaa;s iAaa aaaaa rule=OS Versions action=Change Policy actionStatus=Executed maas360DeviceID=AaaaA1AAAAAAAA1
QRadar field name | Highlighted values in the payload |
---|---|
Event ID | OS Versions |
Event Category | Change Policy - Executed |
Username | test 1 |