Juniper Junos WebApp Secure sample event message
Use this sample event message to verify a successful integration with IBM QRadar.
Important: Due to formatting issues, paste the message format into a text editor and
then remove any carriage return or line feed characters.
Juniper Junos WebApp Secure sample message when you use the Syslog protocol
The following sample event message shows a failed login.
Jun 8 23:55:56 demo [INFO][mws-security-alert][Thread-4336050] MKS_Category="Security Incident" MKS_Type="Missing Host Header" MKS_Severity="2" MKS_ProfileName="profile_name" MKS_SrcIP="10.154.42.194" MKS_pubkey="YRnxm8SHts7mlQPIYFGk" MKS_useragent="" MKS_url="http://localhost:80/" MKS_count="1"
| QRadar field name | Highlighted payload field name |
|---|---|
| Event ID | MKS_Type |
| Event Category | In QRadar, the value is JuniperMykonosWebSecurity. |
| Source IP | MKS_SrcIP |
| Username | MKS_ProfileName |