Sectona Security Platform can be integrated with IBM QRadar using syslog message forwarding. The following steps describe how to configure Sectona Security Platform as a log source type in IBM QRadar with the help of Extension Management.
Pre-requisites
Make sure SIEM & Log Forwarding is configured in Sectona Security Platform.
Procedure to integrate IBM QRadar with Sectona Security Platform:
- Login to the IBM QRadar web console.
- Switch to the Admin tab in the IBM QRadar Security Intelligence platform.
- Select Extension Management from the displayed options and click on the Add button.
- Click on Browse to select the Sectona Security Platform extension file and click on Add.
- Click on Install.
- The following window displays the different components of the Sectona Security Platform. Click on Install.
- After the installation you can see the Event Mappings below. Click on OK.
- Go back to the Admin menu. Click on Log Sources.
- You will see the Log Sources window pop up with certain menus listed.
- From the menus displayed click on the Add button and enter the following details in the form displayed.
| Field | Value |
|---|---|
| Log Source Name | Sectona PAM |
| Log Source Description | Sectona PAM |
| Log Source Type | Sectona Security Platform (SSP) |
| Protocol Configuration | Syslog (Undocumented) |
| Log Source Identifier | IP Address or Host name of Sectona Security Platform |
| Enabled | Check the box |
| Credibility | 5 |
| Target Event Collector | eventcollector0::ibmqradar |
| Coalescing Events | Check the box |
| Incoming Payload Encoding | UTF-8 |
| Store Event Payload | Check the box |
| Log Source Extension | Select Sectona Security Platform extension from the drop-down menu |
- After you have completed entering the details, click on Save. The details that specify the log source are displayed as a row of information in the same window.
- Once logs are pushed from Sectona PAM, they can be viewed under the configured Log Source.
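The value entered for Log Source Identifier is what QRadar uses to attribute incoming syslog events to this log source, so it must match the hostname or IP address that Sectona Security Platform writes into the syslog header. The script below is an added example, not code from Sectona or IBM: it builds a constructed RFC 3164-style event, parses the header back, and checks whether the header hostname matches the identifier configured in the table above, so an operator can confirm the two agree before looking for events in QRadar. The hostname `ssp01.example.internal`, the collector address `eventcollector0.example.internal`, the program tag `SectonaPAM` and the sample messages are all assumptions made for the illustration; the UDP port 514 is the conventional syslog port and may differ in your deployment.

```python
import re
import socket
from datetime import datetime, timezone

# Constructed example values; replace with what was entered in the QRadar form.
LOG_SOURCE_IDENTIFIER = "ssp01.example.internal"     # "Log Source Identifier" field (assumed)
COLLECTOR_HOST = "eventcollector0.example.internal"  # address of eventcollector0 (assumed)
COLLECTOR_PORT = 514                                  # conventional syslog port (assumed)

# RFC 3164-style header: <PRI>Mmm dd hh:mm:ss HOSTNAME MESSAGE
_RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$"
)


def build_event(hostname, message, facility=4, severity=6):
    """Build one syslog line whose header names the host QRadar should attribute it to.

    facility 4 (auth) and severity 6 (informational) give PRI 38; these are
    illustrative defaults, not Sectona's documented values.
    """
    pri = facility * 8 + severity
    ts = datetime.now(timezone.utc).strftime("%b %d %H:%M:%S")
    return f"<{pri}>{ts} {hostname} SectonaPAM: {message}"


def parse_header(line):
    """Return the PRI, hostname and message of a syslog line, or None if malformed."""
    m = _RFC3164.match(line)
    if not m:
        return None
    return {"pri": int(m.group("pri")), "host": m.group("host"), "msg": m.group("msg")}


def matches_log_source(line, identifier=LOG_SOURCE_IDENTIFIER):
    """True when the header hostname equals the configured Log Source Identifier.

    A mismatch is the usual reason events from a working syslog feed do not
    appear under the log source created in the procedure above.
    """
    hdr = parse_header(line)
    return hdr is not None and hdr["host"].lower() == identifier.lower()


def send_event(line, host=COLLECTOR_HOST, port=COLLECTOR_PORT):
    """Send one event to the collector over UDP, encoded as UTF-8 as configured.

    Only call this from a host that is allowed to reach the collector; it
    returns the number of bytes sent.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(line.encode("utf-8"), (host, port))


if __name__ == "__main__":
    # Constructed sample lines: one that should route to the log source, one that
    # would not (bare hostname differs from the identifier), one that is malformed.
    samples = [
        build_event("ssp01.example.internal", "user alice checked out account svc-db01"),
        build_event("ssp01", "user alice checked out account svc-db01"),
        "not a syslog line",
    ]
    for line in samples:
        print(f"{'MATCH ' if matches_log_source(line) else 'NO MATCH'}  {line}")
```

Run it once with the real identifier and a captured line from the Sectona syslog feed; if the result is NO MATCH, either change the Log Source Identifier in QRadar to the hostname or IP that actually appears in the header, or configure the platform to emit that name, before spending time on parser or extension issues.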