Verifying your QRadar configuration

After the installation of the Centrify Add-on for QRadar is complete, QRadar should be parsing and indexing the new Centrify audit trail events.

To validate your installation:

  1. Generate some Centrify audit trail events into a Centrify managed member server.

    For example, log in to the server to generate an authentication event.  You should be able to access the generated events from the QRadar Console system.

  1. Log in to the QRadar Console and click the Log Activity tab.

    You should see different Centrify audit events that QRadar parsed.


     

    When you click a specific event to open the detailed view, it should show various Centrify-specific fields as shown in the following example: