IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

View Only

Back to discussions

Expand all | Collapse all

How to Extract Fields from Payload for Internal Logsources ( SIM Audit)

1. How to Extract Fields from Payload for Internal Logsources ( SIM Audit)

Like
Cyber Post
Posted 2 hours ago

Reply
Hello All,

I am trying to extract a few properties from events reported under SIM Audit. However, when opening the DSM Editor, there is no option to select SIM Audit as a log source type.

Is there an alternative way to extract properties from internal log sources such as SIM Audit?

Thanks.

-------------------------------------------