Fidelis XPS sample event messages

Use these sample event messages to verify a successful integration with IBM QRadar.

Important: Because of formatting constraints on this page, the sample message can wrap across several lines. Paste the message into a text editor and remove any carriage return or line feed characters before you use it, so that the payload is a single line.

Fidelis XPS sample message when you use the Syslog protocol

The following sample event message is generated when a packet contains excess data.

<13>Dec 23 11:52:05 fidelis.xps.test LEEF:1.0|Fidelis Cybersecurity|direct2500|8.1.3|Packet has excess data| act=alert cs2=https://brtdc-dlpcp1/j/alert.html?7eaa5696-a995-11e5-b197-6cae8b611c2a cs2Label=linkback cs5=0 cs5Label=compression dst=10.89.233.135 dstPort=60228 fname=<n/a> cs4=<n/a> cs4Label=from cs6=default cs6Label=group cs1=DNS Analyzer Policy cs1Label=policy proto=DNS dvc=10.89.213.11 dvchost=brtdc-dlps1.phillips66.net sev=4 src=10.64.55.4 srcPort=53 msg=Packet has excess data devTime=1450889524000 duser=<n/a> usrName=<n/a> target=<n/a>
Table 1. Highlighted values in the Fidelis XPS sample event message

QRadar field name    Highlighted values in the event payload
Event ID             Packet has excess data
Source IP            10.64.55.4
Source Port          53
Destination IP       10.89.233.135
Destination Port     60228
Username             <n/a>
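The following Python script is an added worked example, not IBM or Fidelis code. It parses the sample message above into its syslog header, LEEF 1.0 header and key=value attributes, resolves the cs*Label names (for example cs1Label=policy names what cs1 holds), converts devTime from epoch milliseconds, and projects the result onto the QRadar fields of Table 1 so the mapping can be checked mechanically before the log source goes live. The SAMPLE string is constructed from the page's own message; the function names and the returned dictionary layout are this example's assumptions.

```python
"""Parse the Fidelis XPS LEEF 1.0 syslog sample and check the field mapping QRadar expects.

Added example, not IBM or Fidelis code. It assumes the layout shown on the page:
syslog PRI + BSD timestamp + host, then "LEEF:1.0|vendor|product|version|eventID|"
and key=value attributes separated by whitespace (tab in real LEEF, spaces in the
pasted sample).
"""
import re
from datetime import datetime, timezone

# Constructed test input: the page's sample message, joined onto one line.
SAMPLE = (
    "<13>Dec 23 11:52:05 fidelis.xps.test LEEF:1.0|Fidelis Cybersecurity|direct2500|8.1.3|"
    "Packet has excess data| act=alert "
    "cs2=https://brtdc-dlpcp1/j/alert.html?7eaa5696-a995-11e5-b197-6cae8b611c2a "
    "cs2Label=linkback cs5=0 cs5Label=compression dst=10.89.233.135 dstPort=60228 "
    "fname=<n/a> cs4=<n/a> cs4Label=from cs6=default cs6Label=group "
    "cs1=DNS Analyzer Policy cs1Label=policy proto=DNS dvc=10.89.213.11 "
    "dvchost=brtdc-dlps1.phillips66.net sev=4 src=10.64.55.4 srcPort=53 "
    "msg=Packet has excess data devTime=1450889524000 duser=<n/a> usrName=<n/a> target=<n/a>"
)

# RFC 3164 style prefix: <PRI>, BSD timestamp, hostname, then the LEEF body.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<body>LEEF:.*)$"
)
# A key is a word followed by "=" at the start of the attribute text or after whitespace.
# Locating keys this way (instead of splitting on whitespace) keeps multi-word values such
# as "cs1=DNS Analyzer Policy" and "msg=Packet has excess data" intact.
KEY_RE = re.compile(r"(?:^|[ \t])([A-Za-z][A-Za-z0-9_]*)=")


def parse_leef_syslog(raw: str) -> dict:
    """Return the syslog header, LEEF header, attributes and resolved cs*Label names."""
    # Line breaks introduced by copy/paste (the page's "Important" note) become a single
    # space so attributes or values that were split across lines stay separated.
    line = re.sub(r"[\r\n]+", " ", raw).strip()
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not a syslog line carrying a LEEF body")
    pri = int(m.group("pri"))
    parts = m.group("body").split("|", 5)
    # LEEF 1.0 has exactly five pipe-delimited header fields; LEEF 2.0 adds a delimiter
    # field, so anything other than "LEEF:1.0" is rejected rather than mis-parsed.
    if len(parts) != 6 or parts[0] != "LEEF:1.0":
        raise ValueError("unsupported or truncated LEEF header")
    attr_text = parts[5].strip()
    keys = list(KEY_RE.finditer(attr_text))
    attrs = {}
    for i, k in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(attr_text)
        attrs[k.group(1)] = attr_text[k.end():end].strip()
    # cs1Label=policy names what cs1 holds; expose the custom fields under those names too.
    labels = {}
    for key, name in attrs.items():
        if key.endswith("Label") and key[:-5] in attrs:
            labels[name] = attrs[key[:-5]]
    event = {
        "facility": pri // 8,   # 13 -> facility 1 (user)
        "severity": pri % 8,    # 13 -> severity 5 (notice)
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "vendor": parts[1],
        "product": parts[2],
        "version": parts[3],
        "event_id": parts[4],
        "attrs": attrs,
        "labels": labels,
    }
    if attrs.get("devTime", "").isdigit():
        # devTime is epoch milliseconds; QRadar uses it as the event's start time.
        event["devtime_utc"] = datetime.fromtimestamp(
            int(attrs["devTime"]) / 1000, tz=timezone.utc
        ).isoformat()
    return event


def qradar_fields(event: dict) -> dict:
    """Project a parsed event onto the QRadar fields listed in Table 1."""
    a = event["attrs"]
    return {
        "Event ID": event["event_id"],
        "Source IP": a.get("src"),
        "Source Port": int(a["srcPort"]) if a.get("srcPort", "").isdigit() else None,
        "Destination IP": a.get("dst"),
        "Destination Port": int(a["dstPort"]) if a.get("dstPort", "").isdigit() else None,
        # Fidelis sends "<n/a>" rather than omitting the key; Table 1 shows it verbatim.
        "Username": a.get("usrName"),
    }


if __name__ == "__main__":
    parsed = parse_leef_syslog(SAMPLE)
    for name, value in qradar_fields(parsed).items():
        print(f"{name:>16}: {value}")
    print(f"{'policy':>16}: {parsed['labels']['policy']}")
    print(f"{'devTime (UTC)':>16}: {parsed['devtime_utc']}")
```

Two caveats worth keeping in mind when you adapt this to live traffic. Real LEEF 1.0 separates attributes with a tab, while the pasted sample uses spaces; the key-locating regex copes with either, but a value that itself contains whitespace followed by "word=" (for example a URL query string with spaces) would be split at that point, so anchor on a known key list if your events carry such values. Second, "<n/a>" is a literal the sensor emits, not an absent field; decide explicitly whether your rules should treat it as a username.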