IBM QRadar

  • 1.  Source and Destination IPs

    Posted Wed July 14, 2021 03:11 PM

    Hi everyone,

    If I look at the events from an IPTables firewall (IPFire), the source and destination IP are the same (the IP of the firewall), while in the payload the SRC= is correct. Can anyone point me to some reading on this? I assume it's a DSM mapping issue. Many thanks.





  • 2.  RE: Source and Destination IPs

    Posted Thu July 15, 2021 04:42 AM

    Right. It's a parsing issue. IPFire may not be a supported log source.

    You can extract the right value of the property following this document:

    https://www.ibm.com/docs/en/qsip/7.4?topic=properties-creating-custom-property



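An added example (not part of the thread, and not IBM or IPFire code): regexes of the kind the custom-property procedure linked above asks for, checked in Python against two constructed iptables LOG payloads. It goes slightly beyond the question by also covering ICMP error lines, where the kernel logs the embedded packet in brackets after the outer header; the sample lines, the `DROP_INPUT` prefix and the names in `FIELD_REGEX` are assumptions.

```python
import ipaddress
import re

# Each regex starts at the outer header's IN= and may not cross '[', which is
# where an ICMP error line logs the embedded packet's own SRC=/DST=/SPT=/DPT=.
# Capture group 1 holds the value to map to the property.
OUTER = r"\bIN=[^\[]*?\b"
FIELD_REGEX = {  # hypothetical property names
    "src_ip": OUTER + r"SRC=([0-9A-Fa-f:.]+)",
    "dst_ip": OUTER + r"DST=([0-9A-Fa-f:.]+)",
    "src_port": OUTER + r"SPT=(\d{1,5})\b",
    "dst_port": OUTER + r"DPT=(\d{1,5})\b",
    "protocol": OUTER + r"PROTO=(\w+)",
}

def _valid(name, value):
    """Reject captures that are not a real IP address or port number."""
    if name.endswith("_ip"):
        try:
            ipaddress.ip_address(value)
        except ValueError:
            return False
    if name.endswith("_port"):
        return int(value) <= 65535
    return True

def extract(payload):
    """Return outer-packet fields of one LOG line; None when absent or invalid."""
    out = {}
    for name, pattern in FIELD_REGEX.items():
        m = re.search(pattern, payload)
        out[name] = m.group(1) if m and _valid(name, m.group(1)) else None
    return out

# Constructed sample payloads using documentation addresses (not from the thread).
HDR = "kernel: DROP_INPUT IN=red0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 "
TCP_LINE = ("Jul 14 15:11:02 ipfire " + HDR + "SRC=203.0.113.7 DST=198.51.100.2 "
            "LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=44321 DPT=23 "
            "WINDOW=1024 RES=0x00 SYN URGP=0")
ICMP_ERR_LINE = ("Jul 14 15:11:09 ipfire " + HDR + "SRC=203.0.113.9 DST=198.51.100.2 "
                 "LEN=68 TOS=0x00 PREC=0x00 TTL=52 ID=1201 PROTO=ICMP TYPE=3 CODE=3 "
                 "[SRC=198.51.100.2 DST=192.0.2.53 LEN=40 TOS=0x00 PREC=0x00 TTL=60 "
                 "ID=4242 PROTO=UDP SPT=40000 DPT=53 LEN=20 ]")

if __name__ == "__main__":
    for line in (TCP_LINE, ICMP_ERR_LINE):
        print(extract(line))
```

The patterns use only syntax shared by Python and Java regular expressions; test them against real payloads from the log source before relying on them.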