# Converter configuration for the QRadar backend: maps rule log sources onto
# QRadar log-source selection conditions, and rule field names onto QRadar
# field names. (Blame timestamps from the rendered page have been dropped.)
title: QRadar
# Backend(s) this configuration is written for.
backends:
  - qradar
# NOTE(review): presumably a precedence value used when several
# configurations are combined — confirm against the converter's merge rules.
order: 20
logsources:
  apache:
    product: apache
    conditions:
      # ilike with % wildcards: case-insensitive substring match, so any
      # device type whose name contains "apache" is selected, not only the
      # HTTP server — confirm this is the intended breadth.
      LOGSOURCETYPENAME(devicetype): ilike '%apache%'
  windows:
    product: windows
    conditions:
      # Exact match on the Windows Security Event Log device type name.
      LOGSOURCETYPENAME(devicetype): 'Microsoft Windows Security Event Log'
  # Every flow-type source below sets index: flows; presumably this selects
  # the flow data set instead of the default event data set — verify.
  qflow:
    product: qflow
    index: flows
  netflow:
    product: netflow
    index: flows
  ipfix:
    product: ipfix
    index: flows
  flow:
    category: flow
    index: flows
# Rule field name -> QRadar field name. Some entries use a one-element list,
# others a scalar; both forms are used interchangeably here.
fieldmappings:
  EventID:
    - Event ID Code
  dst:
    - destinationIP
  dst_ip:
    - destinationIP
  src:
    - sourceIP
  src_ip:
    - sourceIP
  # Client-address aliases all collapse onto sourceIP.
  c-ip: sourceIP
  cs-ip: sourceIP
  cs-uri: url
  # NOTE(review): c-uri is mapped to sourceIP, an IP-address field, while the
  # neighbouring cs-uri maps to url. A rule matching on c-uri would be
  # translated into a comparison against sourceIP and could silently never
  # fire; confirm whether this should target the same URI field as cs-uri.
  c-uri: sourceIP
  c-uri-extension: file_extension
  UserAgent: user_agent
  c-uri-query: uri_query
  HttpMethod: Method
  URL: URL
  r-dns: FQDN
  ClientIP: sourceIP
  ServiceFileName: Service Name