Map the MEG event in the QRadar Console

Follow these steps to map a MEG event to its equivalent in the QRadar® QID map so the MEG event can be categorized and processed by QRadar.

Procedure

  1. From the QRadar Console, check the log activity, and then add a log source filter.
    Add Filter screen
    The event is displayed in the Log Activity.
    Log Activity events
  2. Open the event, and then click Map Event.
    Mapping events in the Log Activity window
  3. Enter the QID to map the event.
    Use the following event mappings for the QID:
    | Event | Log source type | Category | QID |
    |-------|-----------------|----------|-----|
    | MaaS360 MEG Password Authentication Success | IBM MaaS360 Mobile Enterprise Gateway | MEG_AUTH | 1002750002 |
    | MaaS360 MEG Password Authentication Failure | IBM MaaS360 Mobile Enterprise Gateway | MEG_AUTH | 1002750003 |
    | MaaS360 MEG Certificate Authentication Success | IBM MaaS360 Mobile Enterprise Gateway | MEG_AUTH | 1002750007 |
    | MaaS360 MEG Certificate Authentication Failure | IBM MaaS360 Mobile Enterprise Gateway | MEG_AUTH | 1002750008 |
    | MaaS360 MEG Resource Authentication Success | IBM MaaS360 Mobile Enterprise Gateway | MEG_AUTH | 1002750006 |
    | MaaS360 MEG Resource Authentication Failure | IBM MaaS360 Mobile Enterprise Gateway | MEG_AUTH | 1002750004 |
    Mapping a QID to an event
    The new logs are displayed.
    New log activity in QRadar Portal
  4. Repeat steps 1 through 3 to map additional log events.
    Log event list
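To confirm the mappings after completing the procedure, an AQL search like the following can be run from the Log Activity advanced search. It is an added example, not part of the original procedure. It assumes that the log source type name matches the string in the table above exactly; the 24-hour window is an arbitrary choice.

```sql
-- Added example (AQL): count events per QID for the MEG log source type.
-- Assumption: the log source type name is exactly the string shown in the
-- mapping table; adjust it if your deployment displays a different name.
-- Expected QIDs from the mapping table:
--   1002750002 / 1002750003  Password Authentication Success / Failure
--   1002750007 / 1002750008  Certificate Authentication Success / Failure
--   1002750006 / 1002750004  Resource Authentication Success / Failure
SELECT
    qid,
    QIDNAME(qid) AS event_name,
    COUNT(*)     AS event_count
FROM events
WHERE LOGSOURCETYPENAME(devicetype) = 'IBM MaaS360 Mobile Enterprise Gateway'
GROUP BY qid
ORDER BY event_count DESC
LAST 24 HOURS
```

Rows whose QID is not one of the six values in the table are MEG events that still need to be mapped with steps 1 through 3.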