IBM Security Verify sample event messages

Use these sample event messages to verify a successful integration with IBM® QRadar®.

The following table provides sample event messages when you use the IBM Security Verify Event Service connector for the IBM Security Verify data source type.
Table 1. IBM Security Verify sample messages supported by IBM Security Verify.
Event name Low-level category Sample log message
Created IP Client Success Create activity succeeded
{
  "geoip": {
    "continent_name": "North America",
    "as_org": "AMAZON-02",
    "city_name": "Saint John",
    "country_iso_code": "CAN",
    "ip": "10.11.111.111",
    "country_name": "Canada",
    "region_name": "New Brunswick",
    "location": {
      "lon": "-65.860879",
      "lat": "44.972686"
    },
    "asn": 11111
  },
  "data": {
    "result": "success",
    "api_grant_type": "authorization_code",
    "clientid": "aaaa1111-5cc7-45d9-b8ad-bbbb2222",
    "performedby": "123400SAAA",
    "performedby_type": "user",
    "resource": "api_client",
    "origin": "10.0.4.1",
    "performedby_username": "username@ca.example.com",
    "action": "created",
    "devicetype": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0",
    "performedby_realm": "www.example.com",
    "target": "Sample app"
  },
  "year": 2024,
  "event_type": "management",
  "month": 1,
  "indexed_at": 1705605751362,
  "tenantid": "88465b1f-e4c2-4e7e-b03e-421c03301806",
  "tenantname": "username.verify.example.com",
  "correlationid": "CORR_ID-AK22a0103e-9ef9-4273-8947-aab0a5d85271",
  "servicename": "apisecurity",
  "id": "ssss3333-aa44-ff44-83e3-aaaaaa222222",
  "time": 1705605751055,
  "day": 18
}
SSO Login Success User Login Success
{
  "geoip": {
    "continent_name": "North America",
    "as_org": "AMAZON-02",
    "city_name": "Saint John",
    "country_iso_code": "Canada",
    "country_iso_code": "CAN",
    "ip": "10.11.111.111",
    "country_name": "Canada",
    "region_name": "New Brunswick",
    "location": {
      "lon": "-65.860879",
      "lat": "44.972686"
    },
    "asn": 11111
  },
  "data": {
    "result": "success",
    "subtype": "saml",
    "providerid": "example.com",
    "origin": "2001:db8:ffff:ffff:ffff:ffff:ffff:ffff",
    "realm": "cloudIdentityRealm",
    "samlassertion": "1111111111111111",
    "applicationid": "2222222222222222222",
    "userid": "333B3B33BB",
    "applicationtype": "Box",
    "devicetype": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0",
    "username": "username",
    "applicationname": "SMGAdaptiveAccessBox"
  },
  "year": 2023,
  "event_type": "sso",
  "month": 7,
  "indexed_at": 1689692204024,
  "tenantid": "3cc33c3-3c33-3c33-c3c3-33c33ccc3c3",
  "tenantname": "name.ite1.idng.example.com",
  "correlationid": "CORR_ID-DD44d44d44-444d-44d4-d444-444dd4444fd4",
  "servicename": "saml_runtime",
  "id": "5e55e5e5-e555-555-555-5e55e5e5e55e",
  "time": 1689692192869,
  "day": 18
}
MFA Login Success User Login Success
{
  "geoip": {
    "continent_name": "North America",
    "as_org": "AMAZON-02",
    "city_name": "Saint John",
    "country_iso_code": "Canada",
    "country_iso_code": "CAN",
    "ip": "10.11.111.111",
    "country_name": "Canada",
    "region_name": "New Brunswick",
    "location": {
      "lon": "-65.860879",
      "lat": "44.972686"
    },
    "asn": 11111
  },
  "data": {
    "result": "success",
    "mfamethod": "Voice OTP",
    "subtype": "mfa",
    "subject": "503R3T76MX",
    "origin": "2001:DB8:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF",
    "realm": "cloudIdentityRealm",
    "sourcetype": "clouddirectory",
    "mfadevice": "22222222222",
    "devicetype": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0",
    "username": "bbbbbbb",
    "target": "https://tenantname.ite1.idng.example.com/saml/sps/auth?stateid=a1a1a1a1-a1a1-a1a1-a1a1-a1a1a1a1a1"
  },
  "year": 2023,
  "event_type": "authentication",
  "month": 7,
  "indexed_at": 1689692204022,
  "tenantid": "3ccc333c3-3c33-3c33-c3c3-333c33ccc3c3",
  "tenantname": "tenantname.ite1.idng.example.com",
  "correlationid": "CORR_ID-DD4d24ddd44-ddd4-4444-444-d444ddd4dd4",
  "servicename": "authsvc",
  "id": "e5555555-555e-55ee-5555-5ee5e5e555e5",
  "time": 1689692191331,
  "day": 18
}