Events exported to LEEF format

To filter the event logs sent to Syslog, create a log category notification with a defined filter.

LEEF format is a customized event format for IBM® Security QRadar®. Events have standard and custom attributes:

ESET PROTECT uses some of the standard attributes described in the official IBM documentation.

Custom attributes are the same as in the JSON format. The deviceGroupName attribute contains the static group of the computer that generated the event.
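The following parser is an added example and is not part of the ESET PROTECT documentation or product. It shows what a QRadar-side consumer has to do with an exported event: locate the LEEF header, read the vendor, product, version and event ID fields, pick the attribute delimiter (tab for LEEF 1.0, the header-declared character for LEEF 2.0), and split the attributes into the standard keys defined by the LEEF specification and the custom keys such as deviceGroupName. The vendor and product strings, the version and event ID values, the group path and the key exampleCustomKey in the sample events are constructed placeholders, not the values ESET PROTECT actually emits; the STANDARD_KEYS set is a subset of the keys predefined by the LEEF specification, not ESET's list.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Optional

# Subset of the attribute keys predefined by the LEEF specification ("standard
# attributes"). Any key not in this set is treated as a custom attribute.
# Assumption: this is a partial list taken from the LEEF spec, not ESET's own list.
STANDARD_KEYS = frozenset({
    "devTime", "devTimeFormat", "proto", "sev", "cat", "src", "dst", "srcPort",
    "dstPort", "srcMAC", "dstMAC", "usrName", "identSrc", "identHostName",
    "domain", "resource", "url", "policy", "realm",
})

# Header fields are separated by "|"; a literal pipe inside a field is written "\|".
_HEADER_SPLIT = re.compile(r"(?<!\\)\|")
_LEEF_START = re.compile(r"LEEF:(?P<version>\d+\.\d+)\|")
# Attribute pairs are key=value; a literal "=" inside a value is written "\=".
_KV_SPLIT = re.compile(r"(?<!\\)=")


@dataclass
class LeefEvent:
    version: str
    vendor: str
    product: str
    product_version: str
    event_id: str
    attributes: Dict[str, str] = field(default_factory=dict)

    def custom_attributes(self) -> Dict[str, str]:
        """Everything the event carries beyond the LEEF standard attributes."""
        return {k: v for k, v in self.attributes.items() if k not in STANDARD_KEYS}

    def device_group(self) -> Optional[str]:
        """Static group of the computer that generated the event (custom attribute)."""
        return self.attributes.get("deviceGroupName")


def _decode_delimiter(spec: str) -> str:
    """LEEF 2.0 declares the delimiter literally or as hex, e.g. 'x09' or '0x09'.
    An empty field means the default tab delimiter."""
    if spec == "":
        return "\t"
    s = spec.lower()
    if s.startswith("0x"):
        return chr(int(s[2:], 16))
    if s.startswith("x") and len(s) > 1:
        return chr(int(s[1:], 16))
    return spec


def parse_leef(line: str) -> LeefEvent:
    """Parse one syslog line carrying a LEEF 1.0 or LEEF 2.0 event."""
    m = _LEEF_START.search(line)
    if not m:
        raise ValueError("no LEEF header found")
    version = m.group("version")
    rest = line[m.end():]
    # LEEF 1.0: Vendor|Product|Version|EventID|   LEEF 2.0 adds: Delimiter|
    n_fields = 5 if version == "2.0" else 4
    parts = _HEADER_SPLIT.split(rest, maxsplit=n_fields)
    if len(parts) < n_fields + 1:
        raise ValueError("truncated LEEF header")
    header = [p.replace("\\|", "|") for p in parts[:n_fields]]
    payload = parts[n_fields]
    delimiter = _decode_delimiter(header[4]) if version == "2.0" else "\t"

    attrs: Dict[str, str] = {}
    for item in payload.split(delimiter):
        if not item:
            continue
        kv = _KV_SPLIT.split(item, maxsplit=1)
        if len(kv) != 2:
            continue  # malformed pair: skip it rather than drop the whole event
        attrs[kv[0].strip()] = kv[1].replace("\\=", "=")
    return LeefEvent(version, header[0], header[1], header[2], header[3], attrs)


# Constructed sample events (placeholders, not real ESET PROTECT output).
SAMPLE_LEEF_20 = (
    "<14>Mar 10 12:00:00 protect-host "
    "LEEF:2.0|ESET|ESET PROTECT|EXAMPLE_VERSION|EXAMPLE_EVENT_ID|^|"
    "devTime=Mar 10 2024 12:00:00^devTimeFormat=MMM dd yyyy HH:mm:ss^sev=5^"
    "src=10.0.0.12^deviceGroupName=All/Workstations^"
    "exampleCustomKey=value with \\= sign"
)
SAMPLE_LEEF_10 = (
    "LEEF:1.0|ESET|ESET PROTECT|EXAMPLE_VERSION|EXAMPLE_EVENT_ID|"
    "cat=Firewall\tdeviceGroupName=All"
)

if __name__ == "__main__":
    for sample in (SAMPLE_LEEF_20, SAMPLE_LEEF_10):
        ev = parse_leef(sample)
        print(ev.version, ev.event_id, ev.device_group(), ev.custom_attributes())
```

The split between standard and custom attributes is what matters when mapping the events in QRadar: standard keys are normalised automatically, while custom keys such as deviceGroupName need explicit property extraction, so the parser exposes them separately.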

Event categories:

Antivirus detections

Firewall

Filtered websites (Web Protection)

HIPS

Audit

ESET Inspect Alerts

Blocked files

Note: More information about Log Event Extended Format (LEEF) can be found on the official IBM website.