F5 Networks BIG-IP ASM sample event message

Use this sample event message to verify a successful integration with the QRadar® product.
Important: Because of formatting issues, paste the sample message into a text editor and then remove any carriage return or line feed characters.

F5 Networks BIG-IP ASM sample message when you use the syslog connector

The following sample event message shows a distributed attack event.

<134>Jul 25 11:47:52 f5networks.asm.test ASM:software_version="14.1.0",current_mitigation="alarm",unit_hostname="f5networks.asm.test",management_ip_address="10.192.138.11",management_ip_address_2="",operation_mode="Transparent",date_time="2019-07-25 11:41:38",policy_apply_date="2019-07-23 15:24:21",policy_name="/Common/extranet_sonstige",vs_name="/Common/extranet-t.qradar.example.test_443",anomaly_attack_type="Distributed Attack",uri="/qradar.example.test",attack_status="ongoing",detection_mode="Number of Failed Logins Increased",severity="Emergency",mitigated_entity_name="username",mitigated_entity_value="exnyjtgk",mitigated_ipaddr_geo="N/A",attack_id="2508639270",mitigated_entity_failed_logins="0",mitigated_entity_failed_logins_threshold="3",mitigated_entity_total_mitigations="0",mitigated_entity_passed_challenges="0",mitigated_entity_passed_captchas="0",mitigated_entity_rejected_logins="0",leaked_username_login_attempts="0",leaked_username_failed_logins="0",leaked_username_time_of_last_login_attempt="2497667872",normal_failed_logins="78",detected_failed_logins="70",failed_logins_threshold="100",normal_login_attempts="91",detected_login_attempts="78",login_attempts_matching_leaked_credentials="0",total_mitigated_login_attempts="60",total_client_side_integrity_challenges="0",total_captcha_challenges="0",total_blocking_page_challenges="0",total_passed_client_side_integrity_challenges="0",tota_passed_captcha_challenges="0",total_drops="0",total_successful_mitigations="0",protocol="HTTPS",login_attempts_matching_leaked_credentials_threshold="100",login_stress="73"
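
The following Python code is an added example, not part of the original page or of any IBM or F5 tooling. It removes the line breaks as instructed above and then checks that the result is a single well-formed ASM event before you send it to QRadar. The function names are hypothetical, the input is an abridged copy of the sample above with line breaks inserted, and values are assumed to contain no embedded double quotes.

```python
import re

# Constructed input: the page's sample event, abridged, with the line breaks
# a copy from the rendered page can leave behind.
PASTED = '''<134>Jul 25 11:47:52 f5networks.asm.test ASM:software_version="14.1.0",
unit_hostname="f5networks.asm.test",anomaly_attack_type="Distributed Attack",
attack_status="ongoing",detection_mode="Number of Failed Logins Increased",
severity="Emergency",attack_id="2508639270",detected_failed_logins="70",
failed_logins_threshold="100",protocol="HTTPS"'''

# <PRI>, BSD-style syslog timestamp, host name, then the "ASM:" tag and payload.
HEADER = re.compile(
    r'^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S+) ASM:(.*)$')
PAIR = re.compile(r'(\w+)="([^"]*)"')
# The whole payload must be comma-separated key="value" pairs, nothing else.
BODY = re.compile(r'\w+="[^"]*"(?:,\w+="[^"]*")*')


def strip_line_breaks(text):
    """Remove carriage return and line feed characters, as the page instructs."""
    return text.replace("\r", "").replace("\n", "")


def parse_asm_event(line):
    """Parse one single-line ASM syslog event; raise ValueError if malformed."""
    m = HEADER.match(line)
    if m is None:
        raise ValueError("not a single-line ASM syslog event")
    pri, timestamp, host, body = m.groups()
    if not BODY.fullmatch(body):
        raise ValueError('payload is not a clean list of key="value" pairs')
    return {
        "facility": int(pri) // 8,         # syslog PRI = facility * 8 + severity
        "syslog_severity": int(pri) % 8,
        "timestamp": timestamp,
        "host": host,
        "fields": dict(PAIR.findall(body)),
    }


if __name__ == "__main__":
    event = parse_asm_event(strip_line_breaks(PASTED))
    print(event["host"], event["fields"]["anomaly_attack_type"],
          event["fields"]["attack_status"])
```

If the pasted text still contains a line break, parse_asm_event raises ValueError.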