IBM QRadar

  • 1.  DSM for F-secure event logs

    Posted Thu January 23, 2020 09:00 AM
    Hi All,
    I need to parse F-Secure event logs. Does anyone have a DSM to parse these event logs?

    Thanks in advance.

    Regards,


    ------------------------------
    Fatou NDIAYE
    ------------------------------


  • 2.  RE: DSM for F-secure event logs

    Posted Thu January 23, 2020 09:14 AM
    Hi Fatou,

    Not sure what version you have or your environment but ...

    The DSMs supported are here (this is 7.3.2, get 7.3.3 by changing the number on the end):
    https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/com.ibm.dsm.doc/r_supported_dsm_list.html?cp=SS42VS_7.3.2

    I didn't see F-Secure listed, but there may be something generic that is closer to what you want (e.g. syslog).

    If not listed, you can write one as discussed here:
    https://developer.ibm.com/qradar/develop-dsm/

    Do have a look at the 101 website here, as there's a lot of good stuff:
    https://www.ibm.com/community/qradar/

    Good luck.

    ------------------------------
    Darren H.
    ------------------------------



  • 3.  RE: DSM for F-secure event logs

    Posted Thu January 23, 2020 10:29 AM
    Thanks Darren for your answer.

    F-Secure is not supported in QRadar (I use version 7.3.2). I asked whether anyone has an LSX that I can use to parse events from the F-Secure log source.
    Regards,

    ------------------------------
    Fatou NDIAYE
    ------------------------------



  • 4.  RE: DSM for F-secure event logs

    Posted Thu January 23, 2020 10:36 AM
    With you now - your original post didn't ask for log source extension, just a DSM.

    What you can do is supply some sample payload and see if anyone is willing to share.

    Or ... I suggest pushing test traffic through the SIEM and creating your own log source extension. Guide to do this is here:
    https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/com.ibm.dsm.doc/c_LogSourceGuide_ExtDocs_intro.html

    It's straightforward, but you will need to tune the unknowns for this over time. If the source payload is fairly static (mainly the same), it should be a short term activity.

    In summary, you will probably have to do some leg work yourself unless someone else on the forums is willing to offer.

    Good luck!

    ------------------------------
    Darren H.
    ------------------------------
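The approach Darren describes above (push sample traffic through, write the regexes, then tune the unknowns) is easier if you prototype the pattern set outside QRadar first. The script below is an added example, not code from the thread or from IBM: it holds the regexes and field mappings an LSX would carry, runs them over a few constructed syslog lines, separates the parsed events from the ones QRadar would store as unknown, and renders the same tables as a `<device-extension>` document in the shape IBM's LSX guide documents. The log lines are invented for illustration and are not the real F-Secure format; substitute payloads captured from your own source. The field names (`EventName`, `HostName`, `SourceIp`, `UserName`) are standard LSX matcher fields; the pattern ids and the `description` string are arbitrary choices.

```python
"""Prototype a QRadar log source extension (LSX) regex set against sample
payloads before writing the XML.  Added example; not IBM's or F-Secure's code.
The sample lines are constructed for illustration and do not reproduce any
real F-Secure product's syslog output."""
import re
import xml.etree.ElementTree as ET

# Constructed sample payloads (hypothetical format: syslog header, product tag,
# then key=value pairs).  Replace these with traffic captured from the real source.
SAMPLE_EVENTS = [
    "<13>Jan 23 09:00:01 fshost fsav: event=MalwareDetected host=ws01 "
    "src=10.1.2.3 user=jdoe action=Quarantined threat=EICAR-Test-File",
    "<13>Jan 23 09:00:05 fshost fsav: event=ScanCompleted host=ws02 "
    "src=10.1.2.4 user=asmith action=None",
    "<13>Jan 23 09:00:09 fshost fsav: something entirely different happened",
]

# Each entry mirrors an LSX <pattern id="..."> element: a regex whose capture
# group 1 is what a <matcher capture-group="1"> extracts.  Ids are arbitrary.
PATTERNS = {
    "EventName": r"event=(\S+)",
    "HostName":  r"host=(\S+)",
    "SourceIp":  r"src=(\d{1,3}(?:\.\d{1,3}){3})",
    "UserName":  r"user=(\S+)",
}
COMPILED = {pid: re.compile(rx) for pid, rx in PATTERNS.items()}

# Matchers: (QRadar field, pattern id, capture group), in evaluation order.
MATCHERS = [
    ("EventName", "EventName", 1),
    ("HostName",  "HostName",  1),
    ("SourceIp",  "SourceIp",  1),
    ("UserName",  "UserName",  1),
]


def parse_event(payload):
    """Apply the matchers the way the LSX engine does: each field takes the
    given capture group of the first match of its pattern.  Returns None when
    no EventName can be extracted, which is the case QRadar reports as an
    unknown event for the log source and the one you tune over time."""
    fields = {}
    for field, pattern_id, group in MATCHERS:
        m = COMPILED[pattern_id].search(payload)
        if m:
            fields[field] = m.group(group)
    if "EventName" not in fields:
        return None
    return fields


def triage(payloads):
    """Split payloads into parsed field dicts and the raw lines still unknown."""
    parsed, unknown = [], []
    for line in payloads:
        result = parse_event(line)
        (parsed if result else unknown).append(result or line)
    return parsed, unknown


def build_lsx(description="F-Secure LSX (prototype)"):
    """Render PATTERNS and MATCHERS as an LSX <device-extension> document:
    one <pattern> per regex, one <matcher> per field, and an
    <event-match-multiple> so each EventName value becomes a mappable event.
    IBM's examples wrap pattern bodies in CDATA; XML escaping is equivalent."""
    root = ET.Element("device-extension", xmlns="event_parsing/device_extension")
    for pid, rx in PATTERNS.items():
        pat = ET.SubElement(root, "pattern", id=pid, xmlns="")
        pat.text = rx
    group = ET.SubElement(root, "match-group", order="1",
                          description=description, xmlns="")
    for field, pid, cg in MATCHERS:
        ET.SubElement(group, "matcher", field=field, order="1",
                      **{"pattern-id": pid, "capture-group": str(cg)})
    ET.SubElement(group, "event-match-multiple",
                  **{"pattern-id": "EventName", "capture-group-index": "1",
                     "device-event-category": "F-Secure",
                     "send-identity": "OverrideAndNeverSend"})
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    ok, unk = triage(SAMPLE_EVENTS)
    for event in ok:
        print("parsed :", event)
    for line in unk:
        print("unknown:", line)
    print(build_lsx())
```

Run it against a few hundred real payloads and look only at the unknown list: every line there needs either a new pattern or a looser EventName regex before the extension is worth uploading. A DeviceTime matcher (with `ext-data` holding the timestamp format) is usually the next field to add once the names and addresses parse, and the generated XML can then be attached to the log source through Log Source Management.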