SOC Experts Community - Beta
1 like 0 dislike
in SIEM by (1.2k points)
Device Support Module in IBM QRadar

2 Answers

0 like 0 dislike
by (5.4k points)
In IBM QRadar, the parser is called a DSM; it is where unstructured logs are converted into structured logs.
0 like 0 dislike
by (370 points)

The custom parser in IBM QRadar is called the Universal DSM. It is a built-in capability of QRadar to receive data in a variety of data formats and protocols. If your product supports a standard logging format (e.g. LEEF), then QRadar will extract all the standardized event contents and map them to the QRadar fields automatically. If you have a different message format, you can still use the uDSM to collect your data, but you will need to define your own parsing overrides via a Log Source Extension to extract regex strings from your messages and assign them to the QRadar fields.
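To make the two paths in this answer concrete, here is an added Python example (not code from the post, from IBM, or from QRadar) that does what the answer describes in miniature: a LEEF 1.0/2.0 line is parsed automatically into its header and attribute fields, while a non-standard message is handled by a list of regex "overrides" that play the role a Log Source Extension would play. The sample events, the `ExampleVendor` product, the QRadar-style field names (`sourceip`, `username`, ...) and the override list are all constructed for illustration; the real LSX is an XML document QRadar loads, not a Python list.

```python
import re
from typing import Dict, List, Optional, Pattern, Tuple

# Constructed sample events (not captured from any real device).
LEEF2_EVENT = (
    "LEEF:2.0|ExampleVendor|ExampleFW|1.0|LoginFailed|^|"
    "src=10.0.0.5^dst=10.0.0.9^usrName=alice^devTime=Jan 12 2024 10:15:00"
)
LEEF1_EVENT = "LEEF:1.0|ExampleVendor|ExampleFW|1.0|LoginOK|src=10.0.0.6\tusrName=bob"
CUSTOM_EVENT = "auth: failed login for user alice from 10.0.0.5 port 51234"

# Assumed mapping from common LEEF attribute keys to QRadar-style normalized fields.
LEEF_FIELD_MAP = {
    "src": "sourceip",
    "dst": "destinationip",
    "usrName": "username",
    "devTime": "devicetime",
}

# Regex overrides standing in for what a Log Source Extension would define:
# each (field name, pattern) pair assigns capture group 1 to that field.
CUSTOM_OVERRIDES: List[Tuple[str, Pattern[str]]] = [
    ("eventname", re.compile(r"^auth: (failed login|login ok)")),
    ("username", re.compile(r"\buser (\S+)")),
    ("sourceip", re.compile(r"\bfrom (\d{1,3}(?:\.\d{1,3}){3})")),
    ("sourceport", re.compile(r"\bport (\d+)")),
]


def parse_leef(line: str) -> Optional[Dict[str, str]]:
    """Parse a LEEF 1.0 or 2.0 line; return None if the line is not LEEF."""
    if not line.startswith("LEEF:") or "|" not in line:
        return None
    version = line[len("LEEF:"):line.index("|")]
    # LEEF 2.0 adds a delimiter field between EventID and the attributes.
    maxsplit = 6 if version.startswith("2") else 5
    parts = line.split("|", maxsplit)
    if len(parts) != maxsplit + 1:
        return None
    event = {
        "leef_version": version,
        "vendor": parts[1],
        "product": parts[2],
        "product_version": parts[3],
        "event_id": parts[4],
    }
    if version.startswith("2"):
        delim = parts[5] or "\t"            # empty delimiter field means tab
        if delim.startswith("x") and len(delim) > 1:
            delim = chr(int(delim[1:], 16))  # hex-encoded delimiter, e.g. x09
        attrs = parts[6]
    else:
        delim, attrs = "\t", parts[5]       # LEEF 1.0 attributes are tab separated
    for pair in attrs.split(delim):
        key, eq, value = pair.partition("=")
        if eq:
            event[key.strip()] = value
    return event


def apply_overrides(line: str, overrides: List[Tuple[str, Pattern[str]]]) -> Dict[str, str]:
    """Run each override regex over the raw message and keep the fields that matched."""
    fields: Dict[str, str] = {}
    for name, pattern in overrides:
        match = pattern.search(line)
        if match:
            fields[name] = match.group(1)
    return fields


def normalize(line: str) -> Dict[str, str]:
    """Standard format first (LEEF); fall back to the custom regex overrides."""
    leef = parse_leef(line)
    if leef is not None:
        mapped = {LEEF_FIELD_MAP.get(k, k): v for k, v in leef.items()}
        mapped["parser"] = "leef"
        return mapped
    fields = apply_overrides(line, CUSTOM_OVERRIDES)
    fields["parser"] = "override"
    return fields


if __name__ == "__main__":
    for raw in (LEEF2_EVENT, LEEF1_EVENT, CUSTOM_EVENT):
        print(normalize(raw))
```

The point worth noticing is that the LEEF path needs no per-product knowledge at all, whereas every field on the override path is only as good as its regex: a pattern that is too loose will silently populate `sourceip` or `username` with the wrong token, so override regexes are worth testing against real samples before a log source goes live.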
