Log Source Event Mapping

Perform the following steps for Log Source Event Mapping:

1. Go to Admin > DSM Editor.
2. In Select Log Source Type window, search for Qualys LEEF.
3. Click Select.

   

4. From the Qualys LEEF screen, go to Event Mappings tab.
   If you do not see mapping for QualysMultiline, create a new one.

5. Click the + icon to add a new mapping.

   The Create a new Event Mapping pop-up is displayed. 

   1. Set Event ID as QualysMultiline (without quotes).
   2. Set Category as QualysMultiline (without quotes).

6. Click Choose Event.
   You can see the Event Categorizations pop-up.

7. Click Create New.
   Set the values as follows:

   • Name: QualysMultiline Information
   • Description: QualysMultiline Information
   • Log Source Type: Qualys LEEF
   • High-Level Category: System
   •  Low-LevelCategory: Information
   • Severity: 2

8. Click Save.
   You are redirected to Event Categorizations.

9. Click and select the newly created entry shown in the Search Results table.

10. Click OK.

    This takes you back to Create a new Event Mapping window.

11. Click Create.

    You are redirected to Qualys LEEF pop-up - Event Mappings tab.

12. Confirm that you now have 3 entries, including Event ID QualysMultiline - Category QualysMultiline.

13. Click Save and close the window.

Enable Last Scan Datetime Parsing

Perform the following steps to enable the last scan date-time parsing:

1. Go to Admin > DSM Editor.
2. In Select Log Source Type.
3. Search and select Qualys LEEF.
4. Go to Properties.
5. From the Properties, search and open Last Scan Datetime.
6. From the Property Configuration > Expression section, click Edit.
7. Notice the Enabled field.
   This field may be in a disabled state (grayed out). If disabled, select the Enabled field. It changes color.
8. Click OK in the Expression section.
9. Click Save and close the window.

Next Step

Log Source