Configuring alert notification rules in Arbor Networks Peakflow SP

To generate events, you must edit or add rules to use the notification group that IBM QRadar uses as a remote syslog destination.

Procedure

  1. Log in to your Arbor Networks Peakflow SP configuration interface as an administrator.
  2. In the navigation menu, select Administration > Notification > Rules.
  3. Select one of the following options:
    • Click a current rule to edit the rule.
    • Click Add Rule to create a new notification rule.
  4. Configure the following values:
    Table 1. Arbor Networks Peakflow SP notification rule parameters
    Parameter Description
    Name Type the IP address or host name as an identifier for events from your Peakflow SP installation.

    The log source identifier must be a unique value.

    Resource Type a CIDR address or select a managed object from the list of Peakflow resources.
    Importance Select the Importance of the rule.
    Notification Group Select the Notification Group that you assigned to forward syslog events to QRadar.
  5. Repeat these steps to configure any other rules that you want to create.
  6. Click Save.
  7. Click Configuration Commit to apply the configuration changes.

    QRadar automatically discovers and creates a log source for Arbor Networks Peakflow SP appliances. Events that are forwarded to QRadar are displayed on the Log Activity tab.