SOC Experts Community - Beta
The custom parser in IBM QRadar is called the Universal DSM (uDSM). It is a built-in capability of QRadar to receive data in a variety of data formats and protocols. If your product supports a standard logging format (e.g. LEEF), QRadar will extract all the standardized event contents and map them to the QRadar fields automatically. If you have a different message format, you can still use the uDSM to collect your data, but you will need to define your own parsing overrides via a Log Source eXtension, which uses regex to extract strings from your messages and assign them to the QRadar fields.
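The two paths described above, modelled as an added Python example (not QRadar code and not from the original post): a LEEF 1.0 event is mapped from its standard keys, while a non-LEEF event needs per-field regex overrides like those a Log Source eXtension defines. The sample events, the override patterns, and the small key-to-field mapping are constructed assumptions for illustration.

```python
import re

# Constructed sample events (documentation IP ranges, made-up vendor/product).
LEEF_SAMPLE = ("LEEF:1.0|ExampleCorp|ExampleApp|1.0|LOGIN_FAILED|"
               "src=192.0.2.10\tdst=198.51.100.5\tsrcPort=51514\tusrName=alice")
CUSTOM_SAMPLE = ("2024-01-01T00:00:00Z exampleapp action=login_failed "
                 "user 'bob' from 203.0.113.7 port 40222")

# Illustrative subset of predefined LEEF keys and the event field each one feeds.
LEEF_KEY_TO_FIELD = {
    "src": "SourceIp", "dst": "DestinationIp", "srcPort": "SourcePort",
    "dstPort": "DestinationPort", "usrName": "UserName",
}

# Hypothetical overrides for the constructed format: field -> (regex, capture group).
OVERRIDES = {
    "EventName": (re.compile(r"action=(\w+)"), 1),
    "UserName": (re.compile(r"user '([^']+)'"), 1),
    "SourceIp": (re.compile(r"from (\d{1,3}(?:\.\d{1,3}){3})"), 1),
    "SourcePort": (re.compile(r"from \S+ port (\d+)"), 1),
}

def parse_leef(payload):
    """Map a LEEF 1.0 payload to fields; return None if it is not LEEF."""
    start = payload.find("LEEF:1.0|")  # a syslog header may precede the LEEF header
    if start < 0:
        return None
    # Header: LEEF:1.0|Vendor|Product|Version|EventID|tab-separated key=value pairs
    parts = payload[start:].split("|", 5)
    if len(parts) < 6:
        return None
    fields = {"EventName": parts[4]}
    for pair in parts[5].split("\t"):
        key, sep, value = pair.partition("=")
        if sep and key in LEEF_KEY_TO_FIELD:
            fields[LEEF_KEY_TO_FIELD[key]] = value
    return fields

def parse_with_overrides(payload):
    """Apply each override regex; fields whose pattern does not match stay unset."""
    fields = {}
    for name, (pattern, group) in OVERRIDES.items():
        match = pattern.search(payload)
        if match:
            fields[name] = match.group(group)
    return fields

def normalize(payload):
    """Standard format first, then fall back to the custom overrides."""
    return parse_leef(payload) or parse_with_overrides(payload)
```

An empty result from `normalize` means no override matched, which is the case to watch for when testing new patterns against real payloads.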