Skip to main content

Integrations

Log Sources

A log source named “Illumio ASP V2” is created automatically when the application is installed. All events that are sent from the application to QRadar include the log source as a prefix (such as Illumio ASP V2: core0-2x2devtest59).

You can create multiple log sources with different names if you want to create more descriptive identifiers, such as to convey more information about the usage of the event. You need to create a separate log source to collect data from each PCE.

This image shows the Illumio ASP V2 log source included in the app.

Log_Source_Summary

Log Source Types

Using log source types helps to define how data is parsed. You can attach Log Source Extension and Custom Event Properties to a log source to extend its capabilities. The log source type Illumio ASP V2 categorizes two types of events: Traffic Summary and Auditable Events.

Log Source Type	Event Data Type
Illumio ASP V2	Traffic Summary and Auditable Events (JSON + LEEF)

You can link the Illumio ASP V2 log source type to different log sources, as described in Add the PCE as a Log Source in QRadar.

Was this helpful?

Would you like to provide feedback? Just click here to suggest edits.