IBM Support

QRadar: Examples of Log source Extensions

Question & Answer


Question

Does QRadar have examples of log source extensions?

Answer

In QRadar versions before 7.2.8, payload parsing adjustments for a Log Source DSM required a Log Source Extension. The Log Source Extension was used in conjunction with the DSM, or as a UDSM, as a parsing enhancement. As of 7.2.8, we added a DSM Editor so you can extract the required information from the payload. There are still times when Log Source Extensions are valid, such as for an unsupported Log Source or a customized parsing requirement. This article contains examples of Log Source Extensions that customers have provided via the forums. These can be modified or used as a guide to create a Log Source Extension.




Please refer to IBM Documentation for more information on Log Source Extensions.

dsm_extension_examples.zip
MD5 650b3fec30acd408314f55fa67da9831


Document Information

Modified date:
07 June 2021

UID

swg21993299