IBM Security Privileged Identity Manager sample event message

Use this sample event message as a way of verifying a successful integration with QRadar®.

The following table provides a sample event message when you use the JDBC protocol for the IBM® Security Privileged Identity Manager DSM:

Event name Low-level category Sample log message

CredentialLease Management GetPassword SUCCESS

Information

Table 1. IBM Security Privileged Identity Manager sample message supported by the IBM Security Privileged Identity DSM.
Event name	Low-level category	Sample log message
CredentialLease Management GetPassword SUCCESS	Information	ID: "4988747757478318080" EVENT_CATEGORY: "CredentialLeaseManagement" ENTITY_NAME: "suser1" RESOURCE_NAME: "PIM 202 Data Tier" ENTITY_DN: "erglobalid=8684147307608490000,ou=credentials,ou=credCatalog,erglobalid=00000000000000000000,ou=ibm,dc=com" ENTITY_TYPE: "Credential" ACTION: "GetPassword" INITIATOR_NAME: "user" INITIATOR_DN: "eruid=user,ou=systemUser,ou=itim,ou=ibm,dc=com" CONTAINER_NAME: "USWest" CONTAINER_DN: "erglobalid=3874502227230100000,ou=orgChart,erglobalid=00000000000000000000,ou=ibm,dc=com" RESULT_SUMMARY: "SUCCESS" TIMESTAMP: "2018-10-05 17:17:05:320 GMT" POOL_NAME: "" LEASE_DN: "" LEASE_EXPIRATION_TIME: "" JUSTIFICATION: "" COMMENTS: "null" TIMESTAMP2: "null" IDP_NAME: "" SESSION_ID: "" TARGET: "" CLIENT_IP: "" RECORDING_ID: "" CRED_TYPE: "PASSWORD"

ID: "4988747757478318080" EVENT_CATEGORY: "CredentialLeaseManagement" ENTITY_NAME: "suser1" RESOURCE_NAME: "PIM 202 Data Tier" ENTITY_DN: "erglobalid=8684147307608490000,ou=credentials,ou=credCatalog,erglobalid=00000000000000000000,ou=ibm,dc=com" ENTITY_TYPE: "Credential" ACTION: "GetPassword" INITIATOR_NAME: "user" INITIATOR_DN: "eruid=user,ou=systemUser,ou=itim,ou=ibm,dc=com" CONTAINER_NAME: "USWest" CONTAINER_DN: "erglobalid=3874502227230100000,ou=orgChart,erglobalid=00000000000000000000,ou=ibm,dc=com" RESULT_SUMMARY: "SUCCESS" TIMESTAMP: "2018-10-05 17:17:05:320 GMT" POOL_NAME: "" LEASE_DN: "" LEASE_EXPIRATION_TIME: "" JUSTIFICATION: "" COMMENTS: "null" TIMESTAMP2: "null" IDP_NAME: "" SESSION_ID: "" TARGET: "" CLIENT_IP: "" RECORDING_ID: "" CRED_TYPE: "PASSWORD"