After the installation of the Centrify Add-on for QRadar is complete, QRadar should be parsing and indexing the new Centrify audit trail events.
To validate your installation:
-
Generate some Centrify audit trail events into a Centrify managed member server.
For example, log in to the server to generate an authentication event. You should be able to access the generated events from the QRadar Console system.
-
Log in to the QRadar Console and click the Log Activity tab.
You should see different Centrify audit events that QRadar parsed.
When you click a specific event to open the detailed view, it should show various Centrify-specific fields as shown in the following example:
Doc Feedback