Cisco Secure Workload sample event message

Use this sample event message to verify that the integration with QRadar is working.

Important: Because of formatting issues, paste the message into a text editor and remove any carriage return or line feed characters before you use it.

Cisco Secure Workload sample message when you use the Syslog protocol

The following sample event message shows an alert that detects that the agent is not reachable. This alert triggers when the agent has not communicated with the Secure Workload cluster.

<4>2023-08-23T05:42:59Z cisco.secureworkload.test Tetration Alert[20]: [WARNING] {"keyId":"ENF::1111111aaaaaaa-agent_not_reachable","eventTime":"1692769304000","alertTime":"1692769380596","alertText":"Agent Not Reachable: test-nodepool1-1234-vmss000002","severity":"MEDIUM","tenantId":"123456","type":"ENFORCEMENT","alertDetails":"{\"details\":{\"AgentType\":\"ENFORCER\",\"Bios\":\"11111111-0582-4D63-B138-111111111\",\"CurrentVersion\":\"3.7.1.40-enforcer\",\"DesiredVersion\":\"3.8.1.1-enforcer\",\"HostName\":\"example-nodepool1-1234-vmss000002\",\"IP\":\"10.0.0.1 (Gateway IP)\",\"Platform\":\"Ubuntu-18.04\"},\"agent_uuid\":\"1111111aaaaaaa\",\"scope_name\":\"CSW-TME\",\"scope_id\":\"111111111\",\"vrf_id\":123456}","rootScopeId":"111111111"} 
Table 1. Highlighted fields

QRadar field name    Highlighted payload field value
-----------------    -------------------------------
Event ID             Agent Not Reachable
Severity             Medium
Source IP            10.0.0.1
Device Time          Wednesday August 23, 2023 05:42:59 (am) in time zone UTC (UTC)
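As an added example (not part of the IBM or Cisco documentation), this Python parser splits the sample line into its syslog header and JSON body, decodes the JSON document that is escaped inside the alertDetails string, and derives the four values Table 1 highlights; the header regex, the shortened copy of the sample and the field mapping are assumptions about the format, not QRadar's own DSM logic. It also converts eventTime and alertTime (epoch milliseconds), which shows that the table's Device Time is the syslog header timestamp rather than either payload field.

```python
import json
import re
from datetime import datetime, timezone

SAMPLE = (  # constructed copy of the sample line above, on one line, details shortened
    '<4>2023-08-23T05:42:59Z cisco.secureworkload.test Tetration Alert[20]: [WARNING] '
    '{"keyId":"ENF::1111111aaaaaaa-agent_not_reachable","eventTime":"1692769304000","alertTime":"1692769380596",'
    '"alertText":"Agent Not Reachable: test-nodepool1-1234-vmss000002","severity":"MEDIUM","type":"ENFORCEMENT",'
    r'"alertDetails":"{\"details\":{\"AgentType\":\"ENFORCER\",\"IP\":\"10.0.0.1 (Gateway IP)\",'
    r'\"Platform\":\"Ubuntu-18.04\"},\"agent_uuid\":\"1111111aaaaaaa\",\"scope_name\":\"CSW-TME\"}","rootScopeId":"111111111"}'
)

# <PRI>TIMESTAMP HOST TAG[PID]: [LEVEL] {json}   (TAG contains a space: "Tetration Alert")
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\S+) (?P<host>\S+) (?P<tag>.+?)\[(?P<pid>\d+)\]: "
    r"\[(?P<level>[A-Z]+)\] (?P<json>\{.*\})$"
)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def _epoch_ms(value: str) -> datetime:
    # eventTime / alertTime are epoch milliseconds carried as strings
    ms = int(value)
    return datetime.fromtimestamp(ms // 1000, tz=timezone.utc).replace(microsecond=(ms % 1000) * 1000)

def parse_csw_syslog(line: str) -> dict:
    # Split the syslog header from the JSON body and decode the nested alertDetails string.
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("not a Cisco Secure Workload syslog event")
    pri = int(m.group("pri"))  # PRI = facility * 8 + syslog severity
    body = json.loads(m.group("json"))
    body["alertDetails"] = json.loads(body["alertDetails"])  # JSON serialised inside a JSON string
    return {
        "facility": pri // 8, "syslog_severity": pri % 8, "host": m.group("host"),
        "timestamp": datetime.fromisoformat(m.group("ts").replace("Z", "+00:00")),
        "body": body,
    }

def to_qradar_fields(event: dict) -> dict:
    # Derive the four values Table 1 highlights, plus the payload's own timestamps.
    body = event["body"]
    ip_match = IPV4_RE.search(body["alertDetails"]["details"].get("IP", ""))
    return {
        "Event ID": body["alertText"].split(":", 1)[0].strip(),  # "Agent Not Reachable"
        "Severity": body["severity"].capitalize(),               # MEDIUM -> Medium
        "Source IP": ip_match.group(0) if ip_match else None,    # drops " (Gateway IP)"
        "Device Time": event["timestamp"],                       # header time, 05:42:59Z
        "eventTime": _epoch_ms(body["eventTime"]),               # 05:41:44Z
        "alertTime": _epoch_ms(body["alertTime"]),               # 05:43:00.596Z
    }
```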