DSM Editor

Perform the following steps in the DSM editor:

Qualys FIM JSON

In the Configuration tab, check if the following fields are set with the mentioned values:

  1. Select Log Source Type (Qualys FIM JSON) > Configuration > Log Source Autodetection Configuration.
  2. Enable Log Source Autodetection.
  3. Click Show Advanced Options and set the following as mentioned:
    1. Minimum Successful Events for Autodetection: 2

    2. Minimum Success Rate for Autodetection: 100

    3. Attempted Parse Limit: The default value can be retained

    4. Consecutive Failed Parse Limit: The default value can be retained


Qualys FIM INCIDENTS

In the Configuration tab, check if the following fields are set with the mentioned values:

  1. Select Log Source Type (Qualys FIM INCIDENT) > Configuration > Log Source Autodetection Configuration.
  2. Enable Log Source Autodetection.
  3. Click Show Advanced Options, and set the following as mentioned:
    1. Minimum Successful Events for Autodetection: 1
    2. Minimum Success Rate for Autodetection: 100
    3. Attempted Parse Limit: The default value can be retained
    4. Consecutive Failed Parse Limit: The default value can be retained


Log Source Event Mapping

Qualys FIM JSON

Search results are displayed based on the QID or name entered.


  1. Go to Admin > DSM Editor.
  2. In Select Log Source Type, search for Qualys FIM JSON.
  3. Click Select.


  4. Go to the Event Mappings tab from the Qualys FIM JSON screen.

  5. You can view the mappings for FIM_EVENTS, FIM_IGNORED_EVENTS, and FIM_INCIDENT_EVENTS.

    You must create new mappings if you do not see a mapping for FIM_EVENTS, FIM_IGNORED_EVENTS, and FIM_INCIDENT_EVENTS.

    Use the following steps to create new mappings:


  6. Click the Choose QID link.
    1. High-Level Category: Any
    2. Low-Level Category: Any
    3. Log Source Type: Any
    4. QID/Name: In this text box, the user must search for Qualys FIM and click Search.
  7. Click the + icon to add a new mapping.

    The Create a new Event Mapping pop-up is displayed.

    1. Set Event ID as FIM_EVENTS, FIM_IGNORED_EVENTS and FIM_INCIDENT_EVENTS (without quotes).
    2. Set Category as FIM_EVENTS.
    3. Set FIM_INCIDENT_EVENTS (without quotes).
  8. Choose Qualys FIM Events/Qualys FIM Ignored Events/Qualys FIM Incidents based on your requirements.

  9. Click OK.

    The Create a new Event Mapping window is displayed.

  10. Click Create.

    The Event Mappings window is displayed.

    You can verify the new event mapping created.

  11. Click Save and close the window.

Qualys FIM INCIDENTS

  1. Go to Admin > DSM Editor.
  2. In Select Log Source Type, search for Qualys FIM INCIDENT.
  3. Click Select.


  4. Go to the Event Mappings tab from the Qualys FIM INCIDENTS screen.

    You can view the mapping for FIM_INCIDENT_EVENTS.

    You must create new mappings if you do not see a mapping for FIM_INCIDENT_EVENTS.


  5. Click the + icon to add a new mapping.

    The Create a new Event Mapping pop-up is displayed.

  6. Set Event ID as FIM_INCIDENT_EVENTS (without quotes).

  7. Set Category as FIM_INCIDENT_EVENTS (without quotes).

  8. Click the Choose QID link.

    1. High-Level Category: Any
    2. Low-Level Category: Any
    3. Log Source Type: Any
    4. QID/Name: In this text box, the user must search for Qualys FIM and click Search.


    Search results are displayed based on the QID/Name entered.

  9. Choose the Qualys FIM INCIDENTS option.

  10. Click OK.

    This takes you back to the Create a new Event Mapping window.

  11. Click Create. This takes you back to the Event Mappings window.

    You can verify the newly created Event Mapping.

  12. Click Save and close the window.
