Merge pull request #207684 from batamig/patch-230

PRMerger5 · web-flow · commit 38519d169e3a · 2022-08-11T03:26:45.000-07:00
adding sample payload sent to qradar
diff --git a/articles/defender-for-iot/organizations/tutorial-qradar.md b/articles/defender-for-iot/organizations/tutorial-qradar.md
@@ -109,6 +109,12 @@ For the integration to work, you will need to setup in the Defender for IoT appl
 
 1. Select **Save**.
 
+The following is an example of a payload sent to QRadar:
+
+```sample payload
+<9>May 5 12:29:23 sensor_Agent LEEF:1.0|CyberX|CyberX platform|2.5.0|CyberX platform Alert|devTime=May 05 2019 15:28:54 devTimeFormat=MMM dd yyyy HH:mm:ss sev=2 cat=XSense Alerts title=Device is Suspected to be Disconnected (Unresponsive) score=81 reporter=192.168.219.50 rta=0 alertId=6 engine=Operational senderName=sensor Agent UUID=5-1557059334000 site=Site zone=Zone actions=handle dst=192.168.2.2 dstName=192.168.2.2 msg=Device 192.168.2.2 is suspected to be disconnected (unresponsive).
+```
+
 ## Map notifications to QRadar
 
 The rule must then be mapped on the on-premises management console.
