Juniper Junos WebApp Secure sample event message

Use this sample event message to verify a successful integration with IBM QRadar.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Juniper Junos WebApp Secure sample message when you use the Syslog protocol

The following sample event message shows a failed login.

Jun 8 23:55:56 demo [INFO][mws-security-alert][Thread-4336050] MKS_Category="Security Incident" MKS_Type="Missing Host Header" MKS_Severity="2" MKS_ProfileName="profile_name" MKS_SrcIP="10.154.42.194" MKS_pubkey="YRnxm8SHts7mlQPIYFGk" MKS_useragent="" MKS_url="http://localhost:80/" MKS_count="1"

Table 1. Highlighted fields in the Juniper Junos WebApp Secure sample event

| QRadar field name | Highlighted payload field name |
|---|---|
| Event ID | MKS_Type |
| Event Category | In QRadar, the value is JuniperMykonosWebSecurity. |
| Source IP | MKS_SrcIP |
| Username | MKS_ProfileName |
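
To check a pasted sample before sending it to QRadar, the following added example (not IBM or Juniper code, and not the DSM's own parser) strips CR/LF characters, parses the MKS_ key/value payload, and applies the Table 1 mapping. The names `parse_event`, `QRADAR_MAP`, `HEADER` and `PAIR` are hypothetical, and the header layout is inferred from the single sample above.

```python
import ipaddress
import re

# Sample event from the page; the CR/LF breaks are constructed to imitate a wrapped paste.
SAMPLE = (
    'Jun 8 23:55:56 demo [INFO][mws-security-alert][Thread-4336050] '
    'MKS_Category="Security Incident" MKS_Type="Missing Host Header" \r\n'
    'MKS_Severity="2" MKS_ProfileName="profile_name" '
    'MKS_SrcIP="10.154.42.194" MKS_pubkey="YRnxm8SHts7mlQPIYFGk" \n'
    'MKS_useragent="" MKS_url="http://localhost:80/" MKS_count="1"'
)

# Header layout inferred from the one sample above (assumption, not a vendor spec).
HEADER = re.compile(
    r'^\w{3}\s+\d{1,2}\s+[\d:]{8}\s+(?P<host>\S+)\s+'
    r'\[(?P<level>\w+)\]\[(?P<tag>[\w-]+)\]\[(?P<thread>[\w-]+)\]\s+(?P<payload>.*)$'
)
PAIR = re.compile(r'(MKS_\w+)="([^"]*)"')  # values may be empty, e.g. MKS_useragent=""

# Table 1 mapping: QRadar field name -> payload field name.
QRADAR_MAP = {"Event ID": "MKS_Type", "Source IP": "MKS_SrcIP", "Username": "MKS_ProfileName"}
EVENT_CATEGORY = "JuniperMykonosWebSecurity"


def parse_event(raw):
    """Return (qradar_fields, all_payload_fields) for one WebApp Secure syslog line."""
    line = raw.replace("\r", "").replace("\n", "")  # strip CR/LF as the page instructs
    match = HEADER.match(line)
    if match is None:
        raise ValueError("line does not match the expected syslog header")
    fields = dict(PAIR.findall(match.group("payload")))
    missing = [key for key in QRADAR_MAP.values() if key not in fields]
    if missing:
        raise ValueError("payload is missing mapped fields: " + ", ".join(missing))
    ipaddress.ip_address(fields["MKS_SrcIP"])  # raises ValueError on a malformed address
    event = {name: fields[key] for name, key in QRADAR_MAP.items()}
    event["Event Category"] = EVENT_CATEGORY
    return event, fields


if __name__ == "__main__":
    event, fields = parse_event(SAMPLE)
    for name, value in event.items():
        print(f"{name}: {value}")
    print(f"{len(fields)} MKS_ fields parsed")
```

The wrapped `SAMPLE` does not match `HEADER` until the line breaks are removed, which is the failure the formatting note at the top of the page guards against.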