Events Guide
Introduction
Section 1: Event Specification
Events Fields
Timestamp (required)
Severity (required)
Type (required)
Subtype (required)
Source (required)
Unified Server Source
Description (required)
IP Address
User
File Events
Process Events
Process Name, Process Path, Process Key, Process Trust, and Process Threat
Installer, Root Hash
Policy
Additional Fields
Event Tables
Version-specific Event Updates
Computer Management Events
CPE Management Events
Discovery Events
General Management Events
Policy Enforcement Events
Policy Management Events
Server Management Events
Session Management Events
Section 2: Access to Event Data
Syslog Formats
Basic and Enhanced Standard Syslog Formats
Basic Syslog Format Message
Enhanced Syslog Format Message
Mapping App Control Events to ArcSight CEF
Top-Level Syslog Format
Message Format
CEF-App Control Mapping Tables
Mapping App Control Events to Q1Labs LEEF Format
Configuring QRadar Log Manager
Manual Setup of App Control as Event Source
Top-Level Syslog Format
LEEF Format
App Control-to-LEEF Mapping Tables
Manual Setup of App Control Custom Properties
External Event Database
Live Inventory SDK
Event Output for External Analytics
Archive Files
Section 3: Health Check Events
Health Check Event Severities
Health Check Event Descriptions