
IBM QRadar Integration with Sectona PAM

Sectona Technologies, with its core mission of Securing What Matters, provides a purpose-built access platform designed to protect privileged accounts and secure dynamic remote workforce access. Sectona Security Platform safeguards passwords, SSH keys, and other sensitive secrets within its dedicated vault, while enforcing endpoint isolation and full cross-platform session management to ensure maximum security and control.

To enhance real-time visibility and support centralized threat monitoring, Sectona Security Platform provides the capability to send real-time syslog events to industry-leading SIEM solutions. Integrating syslog events with IBM QRadar enables security teams to correlate privileged activity with broader organizational telemetry, detect anomalies faster, and improve incident response.

This document is the User Guide for the Sectona Security Platform QRadar DSM extension. It is intended for organizations that use IBM Security QRadar in combination with Sectona’s Privileged Access Management (PAM) Platform to enhance visibility, monitoring, and analysis of privileged user activity.

You will find this guide useful if your company’s security policies, compliance requirements, or operational processes require centralized logging and correlation of privileged access events within QRadar. By integrating real-time syslog events from the Sectona Security Platform, QRadar can provide enriched dashboards and analytics related to:

  • Privileged account usage.

  • Password Management Activities.

  • Session initiation, completion and activity events.

  • Authentication, authorization, and policy enforcement.

  • Administrative and configuration activities.

This document explains how to configure, deploy, and validate the DSM extension to ensure seamless ingestion and parsing of Sectona PAM events, enabling your SOC teams to maintain continuous visibility into privileged access operations across your environment.

Product details and pre-requisites

Sectona Security Platform Version: 5.5.0.0

Release Date: December 2025

QRadar Version: 7.3.3 and above

Steps to configure Log Forwarding in Sectona PAM to IBM QRadar

The steps below will help you configure Log Forwarding to IBM QRadar:

  • Log in to the Sectona Security Platform with Administrator role credentials.

  • Navigate to PAM from the product Navigator.

  • Go to the Setup option and, under General, select SIEM & Log Forwarding from the sidebar.

  • IP Address: Provide the IP address of the IBM QRadar server.

  • Port No: Enter the port number configured on IBM QRadar for Sectona log collection.

  • Description: Enter a description.

  • Type: Select the protocol for log forwarding, TCP or UDP.

  • Format: Select IBM QRadar from the drop-down.

  • Syslog Message Parameters: The default parameters are selected; you can modify them as required.

  • Enable the Active slider and click Save to save the configuration.

IBM QRadar Configuration

Installing Sectona Security Platform Extension:

  1. Log in to the IBM QRadar console with administrative privileges.

  2. From the Admin menu, select Extensions Management.

  3. Select IBM Security App Exchange.

  4. Search for Sectona Security Platform and download the extension. You can download the package directly from https://exchange.xforce.ibmcloud.com/hub/

  5. Return to the Extensions Management.

  6. Add and select the zip file you downloaded.

Configuring Log Source

  1. Log in to QRadar.

  2. Click the Admin tab.

  3. Under Data Sources > Events, click the Log Sources app icon.

  4. Click Add Log Source > Single Log Source.

  5. A window opens to configure the log source. Enter the name of the log source (recommended name: Sectona Security Platform) and enter a description.

  6. Log Source Type: Select “Sectona Security Platform” as the Log Source Type from the dropdown and select Syslog as the Protocol Configuration.

  7. Add the IP address or hostname of the Sectona Security Platform server as the Log Source Identifier.

  8. In Log Source Extension, select “SectonaSecurityPlatformCustom_ext”.

  9. Save the configuration.

Log Activity

From the Log Activity menu, filter the received logs by selecting the time range and sort them as needed.


Sectona Security Platform’s QRadar extension enables extraction of important properties from the syslog.


Troubleshooting

If the search does not return any activity logs or shows blank data, this generally indicates that no data is available for the selected time range, or that the configured log source is not sending any information.

To verify this, open the Log Activity tab in IBM QRadar and switch to Real-time mode to confirm whether QRadar is receiving events from the Sectona Security Platform Log Source.
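While Log Activity is in Real-time mode, a test line sent from the PAM server's network segment separates a network or port problem from a forwarding-configuration problem. The script below is an added example, not code from Sectona or IBM: the function names, the `pam-selftest` tag and the message text are hypothetical, and the body is a constructed placeholder rather than the event format the DSM parses, so it only confirms that traffic reaches the configured port over the selected protocol.

```python
import socket
from datetime import datetime

def build_syslog(identifier, text, facility=13, severity=6, when=None):
    """Build an RFC 3164 line: <PRI>Mmm dd hh:mm:ss HOST TAG: text.

    identifier should be the value entered as Log Source Identifier in QRadar.
    """
    when = when or datetime.now()
    pri = facility * 8 + severity  # facility 13 (log audit), severity 6 (info) -> 110
    # RFC 3164 pads a single-digit day with a space, not a zero.
    stamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    return f"<{pri}>{stamp} {identifier} pam-selftest: {text}"

def send_test_event(host, port, protocol, identifier, text="connectivity check"):
    """Send one test line using the same Type (TCP or UDP) chosen in Sectona PAM."""
    line = build_syslog(identifier, text)
    data = line.encode("utf-8")
    proto = protocol.upper()
    if proto == "TCP":
        # A closed or filtered port raises here (refused connection or timeout).
        with socket.create_connection((host, port), timeout=5) as s:
            s.sendall(data + b"\n")  # newline-framed syslog over TCP
    elif proto == "UDP":
        # UDP gives no delivery confirmation; check Log Activity for the line.
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(data, (host, port))
    else:
        raise ValueError("protocol must be TCP or UDP")
    return line

if __name__ == "__main__":
    # Offline demo: a loopback UDP socket stands in for the QRadar listener.
    # Replace host, port and identifier with your own values for a real check.
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))
    rx.settimeout(5)
    sent = send_test_event("127.0.0.1", rx.getsockname()[1], "UDP", "pam01.example.internal")
    print("sent:    ", sent)
    print("received:", rx.recv(4096).decode())
    rx.close()
```

If the TCP send raises or the UDP line never appears in Real-time mode, check the port and protocol on both sides and any firewall between the PAM server and QRadar before revisiting the log source settings.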

Sectona Support is available to assist you. Contact us at: help@sectona.com
