JDBC log source parameters for Sophos PureMessage for Microsoft Exchange

If QRadar does not automatically detect the log source, add a Sophos PureMessage log source on the QRadar Console by using the JDBC protocol.

When you use the JDBC protocol, you must use specific parameters.

The following table describes the parameters that require specific values to collect JDBC events from Sophos:
Table 1. JDBC log source parameters for the Sophos PureMessage for Microsoft Exchange DSM

Parameter: Value

Log Source type: Sophos PureMessage

Protocol Configuration: JDBC

Log Source Identifier: Type the identifier for the log source in the following format:

<Sophos PureMessage Database>@<Sophos PureMessage Database Server IP or Host Name>

Where:

  • <Sophos PureMessage Database> is the database name, as entered in the Database Name parameter.

  • <Sophos PureMessage Database Server IP or Host Name> is the hostname or IP address for this log source, as entered in the IP or Hostname parameter.

When defining a name for your log source identifier, you must use the values of the Database and Database Server IP address or host name of the Sophos PureMessage device.

Database Type: Postgres

Database Name: Type pmx_quarantine.

Table Name: Type siem_view as the name of the table or view that includes the event records.

Compare Field: Type ID.

Note: You must refer to the Configure Database Settings on your Sophos PureMessage device to define the parameters that are required to configure the Sophos PureMessage DSM in QRadar.

For a complete list of JDBC protocol parameters and their values, see JDBC protocol configuration options.
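
The following check is an added example, not part of the original page or of QRadar. It verifies a log source definition against the fixed values in Table 1 and confirms that the Log Source Identifier matches the Database Name and IP or Hostname values. The dictionary layout, the function names and the sample hosts are assumptions made for illustration.

```python
import ipaddress
import re

# Fixed values taken from Table 1 on this page.
REQUIRED = {
    "Log Source type": "Sophos PureMessage",
    "Protocol Configuration": "JDBC",
    "Database Type": "Postgres",
    "Database Name": "pmx_quarantine",
    "Table Name": "siem_view",
    "Compare Field": "ID",
}
# One host name label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def valid_host(host):
    """True if host is an IP address or a syntactically valid host name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        pass
    return 0 < len(host) <= 253 and all(_LABEL.match(p) for p in host.split("."))


def check_log_source(cfg):
    """Return a list of problems in a log source definition (empty if none)."""
    problems = []
    for key, want in REQUIRED.items():
        if cfg.get(key) != want:
            problems.append(f"{key}: expected {want!r}, got {cfg.get(key)!r}")
    host = cfg.get("IP or Hostname", "")
    if not valid_host(host):
        problems.append(f"IP or Hostname: {host!r} is not an IP address or host name")
    # The identifier must be <Database Name>@<IP or Hostname>.
    expected_id = f"{cfg.get('Database Name')}@{host}"
    if cfg.get("Log Source Identifier") != expected_id:
        problems.append(f"Log Source Identifier: expected {expected_id!r}")
    return problems


# Constructed sample definitions (192.0.2.10 is a documentation address).
good = {**REQUIRED, "IP or Hostname": "192.0.2.10",
        "Log Source Identifier": "pmx_quarantine@192.0.2.10"}
bad = {**good, "Table Name": "siem_veiw",
       "Log Source Identifier": "pmx_quarantine@mail01.example.test"}

if __name__ == "__main__":
    for name, cfg in (("good", good), ("bad", bad)):
        print(name, check_log_source(cfg) or "OK")
```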