IBM QRadar Integration
Sectona Security Platform can be integrated with IBM QRadar using syslog message forwarding. The following steps configure Sectona Security Platform as a log source type using Extension Management in IBM QRadar.
Pre-requisites
Make sure SIEM & Log Forwarding is configured in Sectona Security Platform.
Procedure to integrate IBM QRadar with Sectona Security Platform:
Log in to the IBM QRadar web console.
Switch to the Admin tab in the IBM QRadar Security Intelligence platform.

Select Extension Management from the displayed options and click on the Add button.

Click on Browse to select the Sectona Security Platform extension file and click on Add.

Click on Install.


The following window displays the different components of the Sectona Security Platform. Click on Install.


After the installation, you can see the Event Mappings below. Click on OK.

Go back to the Admin menu. Click on Log Sources.

You will see the Log Sources window pop up with certain menus listed.

From the menus displayed, click on the Add button and enter the following details in the form displayed.
| Field | Value |
| --- | --- |
| Log Source Name | Sectona PAM |
| Log Source Description | Sectona PAM |
| Log Source Type | Sectona Security Platform (SSP) |
| Protocol Configuration | Syslog (Undocumented) |
| Log Source Identifier | IP Address or Host name of Sectona Security Platform |
| Enabled | Check the box |
| Credibility | 5 |
| Target Event Collector | eventcollector0::ibmqradar |
| Coalescing Events | Check the box |
| Incoming Payload Encoding | UTF-8 |
| Store Event Payload | Check the box |
| Log Source Extension | Select Sectona Security Platform extension from the drop-down menu |

After you have finished entering the details, click on Save. The details that specify the log source are displayed as a row of information in the same window.

Once logs are pushed from Sectona PAM, they can be viewed under the configured log source.
