Forcepoint V-Series Data Security Suite sample event message

Use this sample event message to verify a successful integration with IBM® QRadar®.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Forcepoint V-Series Data Security Suite sample message when you use the Syslog protocol

The following sample event message shows that a protected cloud app request was forwarded.

<159>Jul 21 14:38:55 forcepoint.vseries.test LEEF:1.0|Forcepoint|Security|8.5.0|transaction:permitted|sev=1	cat=147	usrName=-	loginID=-	src=	srcPort=54983	srcBytes=1773	dstBytes=1819	dst=	dstPort=443	proxyStatus-code=200	serverStatus-code=200	duration=152	method=POST	disposition=1069	contentType=text/xml; charset\=UTF-8	reason=-	policy=-	role=8	userAgent=Google Update/;winhttp;cup-ecdsa	url=https://update.domain.test/service/update2?cup2key\=10:1538947168&cup2hreq\=c1111111ce111111111111e1a111c1111d1ca111f11a1cf1efbb11b1111111a1 logRecordSource=OnPrem 
Table 1. QRadar field names and highlighted values in the event payload
QRadar field name Highlighted values in the event payload
Event ID The Event ID is mapped from the disposition value of 1069 .
Event Category The Event Category is mapped from the cat value of 147 .
Source IP
Source Port 54983
Destination IP
Destination Port 443
Severity 1
Device Time Jul 21 14:38:55