McAfee Network Security Platform sample event messages

Use these sample event messages to verify a successful integration with IBM® QRadar®.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

McAfee Network Security Platform sample messages when you use the Syslog protocol

Sample 1: The following sample event message shows that an HTTP login brute force is detected.

<116>Feb 7 11:06:51 SyslogAlertForwarder: |5915530749831189905|Signature|2014-02-07 11:06:49 EST|"HTTP: HTTP Login Bruteforce Detected"|0x0040256b|Medium|Unknown|High|My Company|USILSS501|G3/2|192.168.0.5|0|10.0.1.2|80|Unknown|brute-force
Table 1. Highlighted QRadar fields and highlighted payload data

QRadar field name    Highlighted payload data
Date                 2014-02-07 11:06:49 EST
Event ID             0x0040256b
Source IP            192.168.0.5
Destination IP       10.0.1.2
Destination Port     80

Sample 2: The following sample event message shows that a user account is created.

<109>Mar 26 07:48:49 mcafee.test: User Account Creation succeeded at 2020-03-26 07:48:49 CET
Table 2. Highlighted QRadar fields and highlighted payload data

QRadar field name    Highlighted payload data
Date                 2020-03-26 07:48:49 CET
Event ID             User Account Creation succeeded
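
The following Python parser is an added example, not code from IBM or McAfee. It extracts the fields highlighted in Tables 1 and 2 from both sample messages, after removing stray carriage return and line feed characters as the Important note describes. The field positions in the pipe-delimited alert are inferred from Sample 1 alone and are an assumption; parse_nsp_syslog and the other names are hypothetical.

```python
import re

# Constructed from the two sample messages on this page. SAMPLE_1 carries a
# CR/LF on purpose, to mimic the copy/paste breakage the page warns about.
SAMPLE_1 = (
    '<116>Feb 7 11:06:51 SyslogAlertForwarder: |5915530749831189905|Signature|'
    '2014-02-07 11:06:49 EST|"HTTP: HTTP Login Bruteforce Detected"|0x0040256b|'
    'Medium|Unknown|High|My Company|USILSS501|G3/2|\r\n192.168.0.5|0|10.0.1.2|80|'
    'Unknown|brute-force'
)
SAMPLE_2 = ('<109>Mar 26 07:48:49 mcafee.test: User Account Creation succeeded '
            'at 2020-03-26 07:48:49 CET')

HEADER = re.compile(r'^<(\d{1,3})>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d (\S+): (.*)$')
AUDIT = re.compile(r'^(.+) at (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \w+)$')
# Assumption: positions inferred from Sample 1 only (index 0 is the empty
# string before the leading '|'); a customized forwarder format will differ.
ALERT_FIELDS = {'Date': 3, 'Event ID': 5, 'Source IP': 12,
                'Destination IP': 14, 'Destination Port': 15}


def parse_nsp_syslog(raw):
    """Return the QRadar fields highlighted in Tables 1 and 2, or raise ValueError."""
    line = raw.replace('\r', '').replace('\n', '')  # the page's "Important" step
    m = HEADER.match(line)
    if not m:
        raise ValueError('not a syslog line with a <PRI> header')
    pri, sender, body = int(m.group(1)), m.group(2), m.group(3)
    out = {'facility': pri // 8, 'severity': pri % 8, 'sender': sender}
    if body.startswith('|'):                         # alert format (Sample 1)
        parts = body.split('|')
        if len(parts) <= max(ALERT_FIELDS.values()):
            raise ValueError('alert payload has too few fields')
        out.update({name: parts[i] for name, i in ALERT_FIELDS.items()})
    else:                                            # audit format (Sample 2)
        a = AUDIT.match(body)
        if not a:
            raise ValueError('unrecognized audit message')
        out.update({'Event ID': a.group(1), 'Date': a.group(2)})
    return out


if __name__ == '__main__':
    for sample in (SAMPLE_1, SAMPLE_2):
        print(parse_nsp_syslog(sample))
```

A message that is truncated or uses a different field layout raises ValueError instead of returning shifted values, which makes a mismatch between the forwarder format and the expected layout visible during integration testing.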