IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Universal DSM parsing error

    Posted Wed August 04, 2021 12:01 PM
    Hello all,
    I am integrating MS cloud app security with QRadar and used universal DSM and cloud REST api. I am getting the logs in QRadar but they are not parsed. I tried to parse them in DSM editor and successfully parsed most of those logs. The problem is when I open events in DSM editor, I can see all my custom extracted properties there but when I open event in log activity, my custom extracted properties don't show up there. What should I do to see custom properties in log activity events.

    Thanks in Advance,

    ------------------------------
    Abdul Rahman
    ------------------------------


  • 2.  RE: Universal DSM parsing error

    Posted Thu August 05, 2021 05:44 AM
    Anyone who can guide, please?

    ------------------------------
    Abdul Rahman
    ------------------------------

    Original Message


  • 3.  RE: Universal DSM parsing error

    Posted Thu August 05, 2021 08:21 AM
    Edited by Andres Parada Thu August 05, 2021 04:32 PM
    Hi Abdulrahman, 
    In Log Source settings, try remove the log source extension. I mean, select to use none of the log source extension


    ------------------------------


  • 4.  RE: Universal DSM parsing error

    Posted Fri August 06, 2021 02:19 AM
    Also, could be that ur EventID not parsed yet

    ------------------------------
    Mohd Mukrim Che Mohamad Zulkifly
    ------------------------------

    Original Message


Related Content