Log source mapping in QRadar

To monitor the trigger frequency of firewall rules and enable topology event searches, IBM QRadar Risk Manager identifies IBM QRadar log sources. By understanding firewall rules, you can maintain firewall efficiency and prevent security risks.

A maximum of 255 devices can be mapped to a log source in QRadar Risk Manager, but devices can have multiple log sources.

Log source mapping display options

If you configured your network device as a QRadar log source, the Configuration Monitor page displays one of the following entries in the Log Source column:

Auto-Mapped - If QRadar Risk Manager identifies and maps the log source to the device automatically.
Username - If an administrator manually added or edited a log source.
Blank - If QRadar Risk Manager is unable to identify a log source for the device, the Log Source column shows no value. You can manually create a log source mapping.

For more information about configuring log sources, see the IBM QRadar DSM Configuration Guide.