title: QRadar
backends:
  - qradar
order: 20
logsources:
  apache:
    product: apache
    conditions:
      LOGSOURCETYPENAME(devicetype): ilike '%apache%'

  windows:
    product: windows
    conditions:
      LOGSOURCETYPENAME(devicetype): 'Microsoft Windows Security Event Log'

  qflow:
    product: qflow
    index: flows

  netflow:
    product: netflow
    index: flows

  ipfix:
    product: ipfix
    index: flows

  flow:
   category: flow
   index: flows

fieldmappings:
    EventID:
        - Event ID Code
    dst:
        - destinationIP
    dst_ip:
        - destinationIP
    src:
        - sourceIP
    src_ip:
        - sourceIP
    ServiceFileName: Service Name