To generate events, you must edit or add rules to use the notification group that IBM
QRadar uses as a remote syslog
destination.
Procedure
-
Log in to your Arbor Networks Peakflow SP configuration interface as an administrator.
-
In the navigation menu, select.
-
Select one of the following options:
- Click a current rule to edit the rule.
- Click Add Rule to create a new notification rule.
-
Configure the following values:
Table 1. Arbor Networks Peakflow SP notification rule parameters
Parameter |
Description |
Name |
Type the IP address or host name as an identifier for events from your Peakflow SP
installation. The log source identifier must be a unique value.
|
Resource |
Type a CIDR address or select a managed object from the list of Peakflow resources. |
Importance |
Select the Importance of the rule. |
Notification Group |
Select the Notification Group that you assigned to forward syslog
events to QRadar. |
-
Repeat these steps to configure any other rules that you want to create.
-
Click Save.
-
Click Configuration Commit to apply the configuration changes.
QRadar automatically
discovers and creates a log source for Arbor Networks Peakflow SP appliances. Events that are
forwarded to QRadar are
displayed on the Log Activity tab.