IBM MaaS360 Security sample event message

Use this sample event message to verify a successful integration with IBM QRadar.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

IBM MaaS360 Security sample message when you use the IBM Fiberlink REST API protocol

The following sample event message shows that a Change Policy is executed for OS versions in IBM® MaaS360® Security.

LEEF:1.0|IBM|Fiberlink MaaS360|1.0|OS Versions|cat=Change Policy - Executed     usrName=test 1  devTime=2014-05-08T07:29:26Z    devTimeFormat=yyyy-MM-dd&aaaa;T&aaaa;HH:mm:ss&aaaa;Z&aaaa;      ruleset=1040 psr kr rule        platformName=aAA        deviceName=Aaaaaa&aaaa;s iAaa aaaaa     rule=OS Versions        action=Change Policy    actionStatus=Executed   maas360DeviceID=AaaaA1AAAAAAAA1
Table 1. Highlighted values in the IBM MaaS360 Security event
QRadar field name Highlighted values in the payload
Event ID OS Versions
Event Category Change Policy - Executed
Username test 1