Map a MEG event to its equivalent in the QRadar®
QID map so the MEG event is categorized and processed by QRadar.
Procedure
- From the QRadar Console, check the log activity,
and then add a log source filter.
The
event is displayed in the Log
Activity.
- Open the event, and on the Log Activity tab, click Map
Event.
- Enter the QID to map the event.
Use the following event mappings for the QID.
| Event |
Log source type |
Category |
QID |
| MaaS360® MEG Password Authentication Success |
IBM® MaaS360 Mobile Enterprise Gateway |
MEG_AUTH |
1002750002 |
| MaaS360 MEG Password Authentication Failure |
IBM MaaS360 Mobile Enterprise Gateway |
MEG_AUTH |
1002750003 |
| MaaS360 MEG Certificate Authentication Success |
IBM MaaS360 Mobile Enterprise Gateway |
MEG_AUTH |
1002750007 |
| MaaS360 MEG Certificate Authentication Failure |
IBM MaaS360 Mobile Enterprise Gateway |
MEG_AUTH |
1002750008 |
| MaaS360 MEG Resource Authentication Success |
IBM MaaS360 Mobile Enterprise Gateway |
MEG_AUTH |
1002750006 |
| MaaS360 MEG Resource Authentication Failure |
IBM MaaS360 Mobile Enterprise Gateway |
MEG_AUTH |
1002750004 |
The
new log activities are displayed.
- Repeat steps 1 to 3 to map extra log events.