Fidelis XPS sample event messages
Use these sample event messages to verify a successful integration with IBM QRadar.
Important: The sample below is wrapped for display. Before you use it, paste it into a text editor and remove any carriage return or line feed characters, so that the event is a single line as the device would send it.
Fidelis XPS sample message when you use the Syslog protocol
The following sample event message is generated when a packet contains excess data.
<13>Dec 23 11:52:05 fidelis.xps.test LEEF:1.0|Fidelis Cybersecurity|direct2500|8.1.3|Packet has excess data| act=alert cs2=https://brtdc-dlpcp1/j/alert.html?7eaa5696-a995-11e5-b197-6cae8b611c2a cs2Label=linkback cs5=0 cs5Label=compression dst=10.89.233.135 dstPort=60228 fname=<n/a> cs4=<n/a> cs4Label=from cs6=default cs6Label=group cs1=DNS Analyzer Policy cs1Label=policy proto=DNS dvc=10.89.213.11 dvchost=brtdc-dlps1.phillips66.net sev=4 src=10.64.55.4 srcPort=53 msg=Packet has excess data devTime=1450889524000 duser=<n/a> usrName=<n/a> target=<n/a>
| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | Packet has excess data |
| Source IP | 10.64.55.4 |
| Source Port | 53 |
| Destination IP | 10.89.233.135 |
| Destination Port | 60228 |
| Username | <n/a> |
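The parser below is an added example, not code from IBM or Fidelis, that shows what a correct normalisation of the sample above looks like: it strips the syslog PRI and header, splits the LEEF 1.0 header on `|`, splits the attributes on the tab that LEEF 1.0 requires between `key=value` pairs, and then produces the same field mapping as the table. The embedded event is a copy of the page's sample with the attribute tabs restored (the page rendering collapsed them to spaces, which is why values such as `cs1=DNS Analyzer Policy` look ambiguous) and a trailing CRLF added so the carriage-return caveat is exercised. Preferring `usrName` over `duser` for the username, and treating `devTime` as epoch milliseconds, are this example's assumptions, not statements from the page.

```python
"""Parse the Fidelis XPS LEEF 1.0 sample and extract the fields QRadar maps."""
import re
from datetime import datetime, timezone

# Constructed copy of the page's sample event. LEEF 1.0 separates its
# key=value attributes with a tab; the page rendering collapsed those tabs
# to spaces, so they are restored here. The trailing CRLF is deliberate:
# it is what you get when the message is pasted from a wrapped document.
SAMPLE = (
    "<13>Dec 23 11:52:05 fidelis.xps.test "
    "LEEF:1.0|Fidelis Cybersecurity|direct2500|8.1.3|Packet has excess data|"
    "act=alert\t"
    "cs2=https://brtdc-dlpcp1/j/alert.html?7eaa5696-a995-11e5-b197-6cae8b611c2a\t"
    "cs2Label=linkback\tcs5=0\tcs5Label=compression\t"
    "dst=10.89.233.135\tdstPort=60228\tfname=<n/a>\tcs4=<n/a>\tcs4Label=from\t"
    "cs6=default\tcs6Label=group\tcs1=DNS Analyzer Policy\tcs1Label=policy\t"
    "proto=DNS\tdvc=10.89.213.11\tdvchost=brtdc-dlps1.phillips66.net\tsev=4\t"
    "src=10.64.55.4\tsrcPort=53\tmsg=Packet has excess data\t"
    "devTime=1450889524000\tduser=<n/a>\tusrName=<n/a>\ttarget=<n/a>\r\n"
)

# RFC 3164 style header: <PRI>Mmm dd hh:mm:ss host, followed by the LEEF body.
SYSLOG_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<body>LEEF:.*)$",
    re.S,
)


def parse_leef(raw: str) -> dict:
    """Return syslog header, LEEF header and attribute map for one event.

    Raises ValueError on anything that is not well-formed LEEF 1.0. When you
    are verifying a log source, a loud failure is better than a half-parsed
    event that still shows up as "success" in the Log Activity view.
    """
    line = raw.rstrip("\r\n")            # the carriage-return caveat from the page
    m = SYSLOG_HEADER.match(line)
    if not m:
        raise ValueError("not a syslog line carrying a LEEF payload")
    pri = int(m.group("pri"))
    # LEEF header: LEEF:Version|Vendor|Product|Version|EventID|attributes
    parts = m.group("body").split("|", 5)
    if len(parts) != 6 or parts[0] != "LEEF:1.0":
        raise ValueError("unsupported or truncated LEEF header")
    attrs = {}
    for pair in parts[5].split("\t"):    # LEEF 1.0 attribute delimiter is a tab
        if not pair:
            continue
        key, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"attribute without '=': {pair!r}")
        attrs[key] = value
    return {
        "facility": pri >> 3,
        "severity": pri & 7,
        "syslog_time": m.group("ts"),
        "syslog_host": m.group("host"),
        "vendor": parts[1],
        "product": parts[2],
        "product_version": parts[3],
        "event_id": parts[4],
        "attrs": attrs,
    }


def qradar_fields(event: dict) -> dict:
    """Mirror the page's mapping table for a parsed event.

    Assumption of this example: usrName (the LEEF username key) is preferred
    and duser (the CEF-style duplicate Fidelis also sends) is the fallback.
    The literal "<n/a>" is a placeholder the device emits, not a missing key.
    """
    a = event["attrs"]
    return {
        "Event ID": event["event_id"],
        "Source IP": a.get("src"),
        "Source Port": int(a["srcPort"]) if "srcPort" in a else None,
        "Destination IP": a.get("dst"),
        "Destination Port": int(a["dstPort"]) if "dstPort" in a else None,
        "Username": a.get("usrName") or a.get("duser"),
    }


def device_time_utc(event: dict) -> str:
    """Render devTime (assumed epoch milliseconds) as ISO 8601 UTC."""
    ms = int(event["attrs"]["devTime"])
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


if __name__ == "__main__":
    ev = parse_leef(SAMPLE)
    for name, value in qradar_fields(ev).items():
        print(f"{name:17}{value}")
    print(f"{'devTime (UTC)':17}{device_time_utc(ev)}")
```

Running it prints the six rows of the mapping table. The `devTime` value decodes to 2015-12-23T16:52:04Z, which lines up with the 11:52:05 local timestamp in the syslog header for a sensor clock five hours behind UTC; comparing the two is a quick way to confirm that QRadar's Log Source Time and Start Time agree after the log source is added.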