IBM Security Guardium


Object Name in LEEF Sys Log

  • 1.  Object Name in LEEF Sys Log

    Posted Thu May 27, 2021 09:41 AM

    Hello,

     

    We really need the Object Name field added to the LEEF template to send by syslog to QRadar (our log monitoring tool). However, it doesn't seem that Object is an option to add to LEEF. I have tried this and looked for documentation. I just want to see if there is anything possible here to add the Object field to the LEEF template.

     

    Brian Greenwood CPC HCISPP-A

    Information Security Analyst II

     

    Arkansas Blue Cross and Blue Shield




  • 2.  RE: Object Name in LEEF Sys Log

    Posted Fri May 28, 2021 02:42 AM

    Hi,
    You can modify event content.

    Here is the list of available variables:

    The alert message template

    Message templates determine the content of alerts. You can create multiple message templates from the Global Profile, and use them with different rules as required.

    In your case you should add %%Object

    It is an array because one SQL can touch many objects.

    The CLI command "store alert_object_num_limit" defines the maximum number of objects extracted to the array.



    ------------------------------
    Zbigniew (Zibi) Szmigiero
    IBM
    ------------------------------