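# Sigma backend configuration for IBM QRadar (sigmac "qradar" backend).
#
# As rendered on this page the document had lost its indentation and had blame
# gutter interleaved, which is not valid YAML (e.g. repeated top-level `product`
# keys); the nesting is restored here. Key roles, as used by sigmac:
#   - `logsources`: maps a Sigma logsource (product/category) to the filter the
#     backend prepends to every query, plus the table to search (`index`).
#   - `fieldmappings`: renames Sigma field names to QRadar field names.
title: QRadar
backends:
  - qradar
# Configs are applied in ascending `order`; this one expects to run after
# lower-ordered (generic) configs.
order: 20
logsources:
  apache:
    product: apache
    # `ilike '%apache%'` is a case-insensitive substring match on the log
    # source type name, so it selects every log source type containing
    # "apache" — verify it does not also pick up unrelated types in the
    # target deployment.
    conditions:
      LOGSOURCETYPENAME(devicetype): ilike '%apache%'
  windows:
    product: windows
    # Exact-name match: only the Windows Security log, not System/Application.
    conditions:
      LOGSOURCETYPENAME(devicetype): 'Microsoft Windows Security Event Log'
  # Flow-type log sources are searched in the `flows` table rather than the
  # default events table.
  qflow:
    product: qflow
    index: flows
  netflow:
    product: netflow
    index: flows
  ipfix:
    product: ipfix
    index: flows
  flow:
    category: flow
    index: flows
fieldmappings:
  # List-valued entries are sigmac multi-field mappings: the Sigma field is
  # expanded to a match on each listed target field. Single-element lists
  # behave like the scalar form below.
  EventID:
    - Event ID Code
  dst:
    - destinationIP
  dst_ip:
    - destinationIP
  src:
    - sourceIP
  src_ip:
    - sourceIP
  # Web/proxy-style Sigma field names (c-*, cs-*, r-*) mapped to QRadar
  # event properties.
  c-ip: sourceIP
  cs-ip: sourceIP
  c-uri: url
  c-uri-extension: file_extension
  c-useragent: user_agent
  c-uri-query: uri_query
  cs-method: Method
  r-dns: FQDN
  ClientIP: sourceIP
  # Target names containing spaces (e.g. "Event ID Code", "Service Name")
  # rely on the backend quoting them in the generated AQL.
  ServiceFileName: Service Name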