home

Mobile Endpoint Security

Mobile Endpoint SecuritySecurity Service Edge
Mobile Endpoint SecuritySecurity Service Edge

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Show Contents

Mobile Endpoint Security

Mapping Lookout Events to QRadar LEEF Fields

Audit event common fields

These fields exist in the details of Lookout device events where event.type=AUDIT.

Lookout event field Type LEEF field Description
 
event.details.type
 enum 
lookoutEventType

Audit Category is tied directly to the event.details.type field. One of

MDM_CONNECTOR, EMAIL_INVITE, ENTERPRISE, ENTERPRISE_FEATURE, CLASSIFICATION_POLICY, DEVICE, ISSUE, DEVICE_GROUP_CHANGE, TENANCY, ADMIN_LOGIN, ADMIN_LOGOUT
event.actor.type
 String 
lookoutActorType
 The type of actor whose actions triggered the audit event, i.e., admin
event.actor.id
 String 
lookoutActorId
 UUID of the actor
event.details.
attributeChanges
 String 
lookoutAttributeChanges
 A stringified map representing the attributes changed.

The following is an example of a LEEF format event.

LEEF:1.0|Lookout|SIEM Client|0.2|THREAT,TROJAN|cat=TROJAN
 lookoutEntName=TestEnterprise
 lookoutId=178656944
 lookoutEventTime=2023-03-07T14:57:41.000Z
 lookoutEventType=APPLICATION
 lookoutThreatId=52b102fa-c154-4ce0-885b-5737f2d77937
 lookoutAction=RESOLVED
 lookoutSeverity=HIGH
 lookoutClassifications=TROJAN
 lookoutAppProcessDetails=MDM E2E Test Event TROJAN,com.some_package
 lookoutAppFileName=6dbb944ccbab4830b60ccfba69c8617c.example
 lookoutAppFilePath=http://6dbb944ccbab4830b60ccfba69c8617c.example
 lookoutTargetId=4e4468ad-3765-4593-ba69-59f1e02d3208
 lookoutTargetExternalId=Appl30C68909DDBA
 lookoutTargetPlatform=IOSlookoutActorType=SYSTEM

Last updated: November 20, 2024

lookout-footer

Legal Privacy Policy Cookie Policy Transparency Report Compliance Info Compliance Info (Gov)

© 2024 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design® and the Lookout multi-color/multi-shaded Wingspan Design® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield Design.