When the events from the sample_initiallog.txt file are received by QRadar, the Log Activity page may display them as having the "unknown", "Unknown Kaspersky Threat Feed Service Event", or another descriptive name, instead of a standard value (for example, "KL_Threat_Feed_Service" or "CyberCrime_Tracker_Block_Url"). This may result in duplicating unrelated events.

Log with "unknown" events
If the Log Activity page displays too many events that arrive from different devices, you can add an event filter. In this event filter, set KL_Threat_Feed_Service_v2 and KL_Verification_Tool as the log sources (the operator used in the filter must be Equals any of).
To correctly identify the events, set the mapping between QIDs and events:
 ) in the upper-right area of the window, and then double-click any event that has an incorrect name and "
) in the upper-right area of the window, and then double-click any event that has an incorrect name and "KL_Threat_Feed_Service_v2" in the Log Source column.
Stop the events flow
The event information will be displayed. The event name will be contained in Payload information.

Browsing event information
One result will be displayed in the Matching QIDs table.

Adding the correspondence between a QID and an event name

Log without "unknown" events