Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Mobile Endpoint Security

Mobile Endpoint Security Contents

MES Console

Small and Medium Business Solutions (SMB)

Lookout for Work

MDMs

SIEM Integrations

QRadar Integration

Mapping Lookout Events to QRadar LEEF Fields

Common Event Fields

Event Categorization

Threat event common fields

Device event common fields

Device target fields

Audit event common fields

Partner and Mobile Risk APIs

Mapping Lookout Events to QRadar LEEF Fields

This section describes the contents of mobile threat, device, and audit events generated by the Lookout Mobile Risk API and provides mappings of Lookout event fields into QRadar LEEF (Log Event Extended Format) fields.

On the event details page, fields are grayed out and marked N/A when they are not applicable.

You can enable privacy controls for your Lookout tenant to prevent certain event field data from being mapped into your SIEM. An asterisk (*) denotes fields that you can make private. Contact Lookout Enterprise Support to enable privacy for your Lookout tenant.

Last updated: September 30, 2024

lookout-footer

© 2024 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design® and the Lookout multi-color/multi-shaded Wingspan Design® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield Design.