Use these sample event messages to verify a successful integration with QRadar®.
The following tables provide sample event messages for the Cisco Umbrella DSM:
Table 1. Cisco Umbrella sample syslog message
| Event name | Low level category | Sample log message |
|---|---|---|
| NOERROR | 18081 (DNS In Progress) | {"sourceFile":"test_2017-11-17-15-30-dcd8.csv.gz","EventType":"DNSLog","Timestamp":"2017-11-17 15:30:27","MostGranularIdentity":"Test","Identities":"Test","InternalIp":"<IP_address>","ExternalIp":"<External_IP_address>","Action":"Allowed","QueryType":"28 (AAAA)","ResponseCode":"NOERROR","Domain":"abc.aws.amazon.com.","Categories":"Ecommerce/Shopping"} |
Table 2. Cisco Umbrella sample event message
| Event name | Low level category | Sample log message |
|---|---|---|
| NOERROR | 18081 (DNS In Progress) | "2015-01-16 17:48:41","ActiveDirectoryUserName","ActiveDirectoryUserName,ADSite,Network","<IP_address1>","<IP_address2>","Allowed","1 (A)","NOERROR","domain-visited.com.","Chat,Photo Sharing,Social Networking,Allow List" |
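
The two sample formats above, parsed into one field set so a received event can be compared field by field. This is an added example, not part of the IBM documentation or the DSM itself. It assumes the CSV columns follow the key order of the JSON sample; `parse_umbrella_event`, `event_name` and `CSV_FIELDS` are hypothetical names.

```python
import csv
import io
import json

# Assumption: CSV columns follow the key order of the JSON sample in Table 1.
CSV_FIELDS = ["Timestamp", "MostGranularIdentity", "Identities", "InternalIp",
              "ExternalIp", "Action", "QueryType", "ResponseCode", "Domain",
              "Categories"]

# Sample payloads copied from Table 1 and Table 2, placeholders left as printed.
JSON_SAMPLE = (
    '{"sourceFile":"test_2017-11-17-15-30-dcd8.csv.gz","EventType":"DNSLog",'
    '"Timestamp":"2017-11-17 15:30:27","MostGranularIdentity":"Test",'
    '"Identities":"Test","InternalIp":"<IP_address>",'
    '"ExternalIp":"<External_IP_address>","Action":"Allowed",'
    '"QueryType":"28 (AAAA)","ResponseCode":"NOERROR",'
    '"Domain":"abc.aws.amazon.com.","Categories":"Ecommerce/Shopping"}'
)
CSV_SAMPLE = (
    '"2015-01-16 17:48:41","ActiveDirectoryUserName",'
    '"ActiveDirectoryUserName,ADSite,Network","<IP_address1>","<IP_address2>",'
    '"Allowed","1 (A)","NOERROR","domain-visited.com.",'
    '"Chat,Photo Sharing,Social Networking,Allow List"'
)


def parse_umbrella_event(payload):
    """Parse either sample format into a dict keyed by the JSON field names."""
    payload = payload.strip()
    if payload.startswith("{"):
        event = json.loads(payload)
    else:
        rows = list(csv.reader(io.StringIO(payload)))
        if len(rows) != 1 or len(rows[0]) != len(CSV_FIELDS):
            raise ValueError("unexpected column count for a DNS log line")
        event = dict(zip(CSV_FIELDS, rows[0]))
    missing = [name for name in CSV_FIELDS if name not in event]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    # Identities and Categories carry several comma-separated values in one field.
    for name in ("Identities", "Categories"):
        event[name] = [v.strip() for v in event[name].split(",") if v.strip()]
    return event


def event_name(event):
    """Both tables list the ResponseCode value (NOERROR) as the event name."""
    return event["ResponseCode"]
```

A payload that fails to parse or lacks one of the listed fields raises `ValueError`, which separates a malformed or truncated log line from a mapping problem on the QRadar side.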