Sumit
Participant

Fields destination IP, ports missing in raw logs sent to QRadar

Hi,

I am using Log Exporter (LEEF) format for QRadar.

However, I cannot see complete logs, especially in IPS "Exploits" logs. I can only see the source IP, but not the destination IP, destination port, or source port in the logs in my QRadar.

Those fields are needed for the automation we have in place, which worked well with OPSEC/LEA.

May I get the steps to get complete IPS logs? I am using version R81.

Regards,

Sumit

0 Kudos
2 Replies