Skip to main content

Integrations

Events Unknown

Problem: Illumio App events are shown as unknown in QRadar.

Use the following steps to troubleshoot:

Go to Log Activity and set Filter Log Source Type to Illumio ASP V2.
In Views, select Last 7 Days.
If any events show as unknown, do the following:
1. Right-click on the event and select View in DSM Editor.
2. Under Log Activity Preview, check the value of Event ID and Event Category.
3. If Event ID and Event Category are unknown, create a support ticket with Illumio.
4. If the Event ID and Event Category values are not unknown but Event Name is unknown, then add a new event mapping using the following steps:
  1. Navigate to the Event Mapping tab and click Add.
  2. Click Choose QID.
  3. Click Create New QID Record and enter an appropriate name in the Name field.
  4. Select relevant values for the High Level Category and Low Level Category fields.
  5. Click Save and then click OK.
  6. Click Create.

Was this helpful?

Would you like to provide feedback? Just click here to suggest edits.