
Syslog - IBM QRadar: IPS Messages

Vendor Documentation

Classification

Rule Name    | Rule Type | Classification | Common Event
-------------|-----------|----------------|--------------------
IPS Messages | Base Rule | Information    | General IPS Message

Mapping with LogRhythm Schema

Device Key in Log Message | LogRhythm Schema | Data Type   | Schema Description
--------------------------|------------------|-------------|-------------------
Syslog Header             | N/A              | N/A         | The syslog header is an optional field. It contains the timestamp and the IPv4 address or host name of the system that sends the event.
N/A                       | N/A              | N/A         | No current information about this data coming in the header.
AdapterID                 | <vmid>           | Number      | The XGS adapter ID on which the event was triggered.
AdapterMode               | <vendorinfo>     | Text/String | The protection mode of the XGS adapter.
IssueID                   | N/A              | N/A         | N/A
algorithm-id              | N/A              | N/A         | N/A
appid                     | N/A              | N/A         | The application identifier.
block                     | N/A              | N/A         |
count                     | N/A              | N/A         |
dstip                     | <dip>            | IP Address  | The IP address of the event destination (IPv4 or IPv6 address).
dstport                   | <dport>          | Number      | The destination port of the event (attribute limits: 0 - 65535).
event-type                | <subject>        | Text/String | Displays the type of security event: attack, audit, or status (status events gather statistical information).
filterid                  | N/A              | N/A         | N/A
iprdststate               | N/A              | N/A         | N/A
iprenabled                | N/A              | N/A         | N/A
iprlicensed               | N/A              | N/A         | N/A
iprsrcstate               | N/A              | N/A         | N/A
ipsid                     | N/A              | N/A         | N/A
name                      | <object>         | Text/String | Specifies a meaningful name for the response.
nvpdata                   | N/A              | N/A         | N/A
priority                  | <severity>       | Text/String | Displays the threat level as default, high, medium, or low (levels defined below the table).
protocol                  | <protname>       | Text/String | Displays the protocol of the security event.
quarantineendtime         | N/A              | N/A         | N/A
ruleid                    | N/A              | N/A         | N/A
rulelabel                 | <action>         | Text/String | N/A
ruleorder                 | N/A              | N/A         | The rule order the event was triggered on.
srcip                     | <sip>            | IP Address  | The IP address of the event source (IPv4 or IPv6 address).
srcport                   | <sport>          | Number      | The source port of the event (attribute limits: 0 - 65535).
sslmethod                 | N/A              | N/A         | The SSL method that the XGS policy rule is using.
target-ip-addr-end        | N/A              | N/A         | N/A
target-ip-addr-start      | N/A              | N/A         | N/A
time                      | N/A              | N/A         | N/A
timestamp                 | N/A              | N/A         | N/A
userid                    | N/A              | N/A         | N/A
vulnstatus                | <result>         | N/A         | N/A
SensorAddress             | N/A              | N/A         | N/A
SensorName                | N/A              | N/A         | N/A
SensorGUID                | N/A              | N/A         | N/A
ProductID                 | N/A              | N/A         | N/A
IANAProtocolId            | <protnum>        | N/A         | N/A

Priority levels (values of the priority key):

Low: Security issues that deny service or provide non-system information that could be used to formulate structured attacks on a target, but do not directly grant unauthorized access.

Med: Security issues that have the potential of granting access or allowing code execution through complex or lengthy exploit procedures. These issues can be low-risk issues applied to major Internet components.

High: Security issues that allow immediate remote or local access, or immediate execution of code or commands, with unauthorized privileges.
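As an added example (not LogRhythm's or IBM's own code), the following Python normalises one constructed IPS message into the schema tags listed in the table above, enforcing the data types and the 0 - 65535 port limits the table states and keeping N/A keys such as sslmethod and count separate. The framing it assumes (a syslog header followed by space-separated key=value pairs) is an assumption, since the page does not show a raw message.

```python
import ipaddress
import re

# Device key -> LogRhythm schema tag, as the table above maps them.
KEY_TO_SCHEMA = {
    "AdapterID": "vmid", "AdapterMode": "vendorinfo", "dstip": "dip",
    "dstport": "dport", "event-type": "subject", "name": "object",
    "priority": "severity", "protocol": "protname", "rulelabel": "action",
    "srcip": "sip", "srcport": "sport", "vulnstatus": "result",
    "IANAProtocolId": "protnum"}
NUMBER_KEYS = {"AdapterID", "dstport", "srcport", "IANAProtocolId"}
PORT_KEYS = {"dstport", "srcport"}       # table: attribute limits 0 - 65535
IP_KEYS = {"dstip", "srcip"}             # table: IPv4 or IPv6 address
PRIORITY_LEVELS = {"default", "high", "medium", "low"}
# Assumed framing (not on the page): syslog header, then space-separated key=value pairs.
KV_RE = re.compile(r'([A-Za-z][\w-]*)=("[^"]*"|\S+)')


def _check(key, value):
    """Validate/convert one value per the table's data type; return (value, error)."""
    if key in NUMBER_KEYS:
        if not value.isdigit():
            return None, f"{key}: not a number: {value!r}"
        if key in PORT_KEYS and not 0 <= int(value) <= 65535:
            return None, f"{key}: port outside 0-65535: {value}"
        return int(value), None
    if key in IP_KEYS:
        try:
            ipaddress.ip_address(value)
        except ValueError:
            return None, f"{key}: not an IP address: {value!r}"
    if key == "priority" and value.lower() not in PRIORITY_LEVELS:
        return None, f"priority: unknown level {value!r}"
    return value, None


def parse_ips_message(line):
    """Return (mapped, unmapped, errors) for one IPS message line."""
    mapped, unmapped, errors = {}, {}, []
    for key, raw in KV_RE.findall(line):
        value, err = _check(key, raw.strip('"'))
        if err:
            errors.append(err)
        elif key in KEY_TO_SCHEMA:
            mapped[KEY_TO_SCHEMA[key]] = value
        else:
            unmapped[key] = value        # N/A in the table, e.g. sslmethod, count
    return mapped, unmapped, errors


# Constructed sample line (illustrative values, not a real capture).
SAMPLE = ('Jan 12 10:00:01 xgs01 event-type=attack priority=high srcip=10.0.0.5 srcport=44512 '
          'dstip=10.0.1.20 dstport=443 protocol=TCP IANAProtocolId=6 name="Example_Signature" '
          'rulelabel=block AdapterID=1 AdapterMode=inline-protection sslmethod=TLSv1.2 count=3')
```

Calling parse_ips_message(SAMPLE) yields the mapped tags (sip, sport, dip, dport, severity, and so on), the unmapped sslmethod and count values, and an empty error list; a line with an out-of-range port, a malformed IP or an unknown priority level is reported in errors instead of being mapped.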
