Cisco Secure Workload sample event message
Use this sample event message to verify a successful integration with QRadar.
Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.
Cisco Secure Workload sample message when you use the Syslog protocol
The following sample event message shows an alert that detects that the agent is not reachable. This alert triggers when the agent has not communicated with the Secure Workload cluster.
<4>2023-08-23T05:42:59Z cisco.secureworkload.test Tetration Alert[20]: [WARNING] {"keyId":"ENF::1111111aaaaaaa-agent_not_reachable","eventTime":"1692769304000","alertTime":"1692769380596","alertText":"Agent Not Reachable: test-nodepool1-1234-vmss000002","severity":"MEDIUM","tenantId":"123456","type":"ENFORCEMENT","alertDetails":"{\"details\":{\"AgentType\":\"ENFORCER\",\"Bios\":\"11111111-0582-4D63-B138-111111111\",\"CurrentVersion\":\"3.7.1.40-enforcer\",\"DesiredVersion\":\"3.8.1.1-enforcer\",\"HostName\":\"example-nodepool1-1234-vmss000002\",\"IP\":\"10.0.0.1 (Gateway IP)\",\"Platform\":\"Ubuntu-18.04\"},\"agent_uuid\":\"1111111aaaaaaa\",\"scope_name\":\"CSW-TME\",\"scope_id\":\"111111111\",\"vrf_id\":123456}","rootScopeId":"111111111"}
QRadar field name | Highlighted payload field value |
---|---|
Event ID | Agent Not Reachable |
Severity | Medium |
Source IP | 10.0.0.1 |
Device Time | Wednesday August 23, 2023 05:42:59 (am) in time zone UTC (UTC) |
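
The following Python sketch is an added example, not code from IBM or Cisco. It extracts the four fields in the table above from a Secure Workload syslog alert, for checking a parser or log source extension against the sample. The function name `parse_event`, the abridged inline sample, and the choice to take the Event ID from the text before the colon in `alertText` are assumptions made for this example.

```python
import ipaddress
import json
import re
from datetime import datetime, timezone

# Constructed, abridged copy of the page's sample (subset of its fields).
_DETAILS = {"details": {"AgentType": "ENFORCER", "IP": "10.0.0.1 (Gateway IP)",
                        "Platform": "Ubuntu-18.04"}, "scope_name": "CSW-TME"}
_ALERT = {"keyId": "ENF::1111111aaaaaaa-agent_not_reachable",
          "alertText": "Agent Not Reachable: test-nodepool1-1234-vmss000002",
          "severity": "MEDIUM", "type": "ENFORCEMENT",
          "alertDetails": json.dumps(_DETAILS)}  # nested JSON carried as a string
SAMPLE = ("<4>2023-08-23T05:42:59Z cisco.secureworkload.test "
          "Tetration Alert[20]: [WARNING] " + json.dumps(_ALERT))

# Syslog priority, timestamp, host, "Tetration Alert[pid]:", level, JSON body.
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\S+) (?P<host>\S+) "
    r"(?P<tag>[^\[]+)\[(?P<pid>\d+)\]: \[(?P<level>\w+)\] (?P<body>\{.*\})\s*$")


def parse_event(raw):
    """Return the fields the table maps: event ID, severity, source IP, device time."""
    # Per the page's note, drop CR/LF introduced by copy and paste.
    line = raw.replace("\r", "").replace("\n", "")
    m = HEADER.match(line)
    if not m:
        raise ValueError("not a Secure Workload syslog alert")
    alert = json.loads(m["body"])
    # alertDetails is a JSON document encoded as a string, so decode it again.
    details = json.loads(alert.get("alertDetails") or "{}").get("details", {})
    # Assumption: Event ID is the alertText up to the first colon.
    event_id = alert.get("alertText", "").split(":", 1)[0].strip()
    # The IP value can carry a suffix such as " (Gateway IP)"; validate the token.
    token = str(details.get("IP", "")).split(" ", 1)[0]
    source_ip = str(ipaddress.ip_address(token)) if token else None
    # Device Time comes from the syslog header timestamp, which is UTC ("Z").
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"event_id": event_id,
            "severity": alert.get("severity", "").capitalize(),
            "source_ip": source_ip,
            "device_time": ts,
            "pri": int(m["pri"])}


if __name__ == "__main__":
    print(parse_event(SAMPLE))
```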