Collecting alerts logs from STEALTHbits StealthINTERCEPT

To collect all alerts logs from STEALTHbits StealthINTERCEPT, you must specify IBM QRadar as the syslog server and configure the message format.

Procedure

  1. Log in to your STEALTHbits StealthINTERCEPT server.
  2. Start the Administration Console.
  3. Click Configuration > Syslog Server.
  4. Configure the following parameters:
    Parameter      Description
    Host Address   The IP address of the QRadar Console
    Port           514
  5. Click Import mapping file.
  6. Select the SyslogLeefTemplate.txt file and press Enter.
  7. Click Save.
  8. On the Administration Console, click Actions.
  9. Select the mapping file that you imported, and then select the Send to Syslog check box.
    Tip: Leave the Send to Events DB check box selected. StealthINTERCEPT uses the events database to generate reports.
  10. Click Add.
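
To confirm that forwarded alerts reach the syslog server in LEEF format, capture a line on the receiving side and check its structure. The following parser is an added example, not part of the original procedure or of either product. It assumes the standard LEEF 1.0 header (tab-separated attributes) and the LEEF 2.0 header with an explicit delimiter field; the sample line and its vendor, product and event names are constructed placeholders.

```python
import re

HEADER_FIELDS = ("leef_version", "vendor", "product", "product_version", "event_id")

def _delimiter(field):
    """LEEF 2.0 delimiter field: one literal character or a hex code (x5E, 0x5E)."""
    if len(field) == 1:
        return field
    m = re.fullmatch(r"(?:0x|x)([0-9A-Fa-f]{2,4})", field)
    if not m:
        raise ValueError(f"bad LEEF 2.0 delimiter field: {field!r}")
    return chr(int(m.group(1), 16))

def parse_leef(line):
    """Return (header, attrs) for a syslog line carrying a LEEF 1.0/2.0 event.

    Raises ValueError when the line is not well-formed LEEF, for example
    when an alert was forwarded without the LEEF mapping applied.
    """
    start = line.find("LEEF:")
    if start < 0:
        raise ValueError("no LEEF header in line")
    body = line[start + len("LEEF:"):]
    version = body.split("|", 1)[0]
    if version == "1.0":
        parts, delim = body.split("|", 5), "\t"   # attributes are tab-separated
    elif version == "2.0":
        parts = body.split("|", 6)                # extra header field: delimiter
        if len(parts) != 7:
            raise ValueError("truncated LEEF 2.0 header")
        delim = _delimiter(parts.pop(5))
    else:
        raise ValueError(f"unsupported LEEF version: {version!r}")
    if len(parts) != 6 or not all(parts[:5]):
        raise ValueError("truncated or empty LEEF header field")
    attrs = {}
    for pair in filter(None, parts[5].split(delim)):
        key, sep, value = pair.partition("=")
        if not sep or not key:
            raise ValueError(f"malformed attribute: {pair!r}")
        attrs[key] = value
    return dict(zip(HEADER_FIELDS, parts[:5])), attrs

# Constructed sample line (placeholder names, documentation-range address).
SAMPLE = ("<13>Jan 10 12:00:00 sihost LEEF:1.0|ExampleVendor|ExampleProduct|1.0|"
          "ExampleEvent|usrName=alice\tsrc=192.0.2.10")

if __name__ == "__main__":
    print(parse_leef(SAMPLE))
```

A ValueError on captured traffic means the line is not well-formed LEEF, which points back to steps 5 through 9.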