Bit9 Security Platform
Use the IBM QRadar SIEM DSM for Carbon Black Bit9 Security Platform to collect events from Carbon Black Bit9 Parity devices.
The following table identifies the specifications for the Bit9 Security Platform DSM:
| Specification | Value |
|---|---|
| Manufacturer | Carbon Black |
| DSM name | Bit9 Security Platform |
| RPM file name | DSM-Bit9Parity-build_number.noarch.rpm |
| Supported versions | V6.0.2 and up |
| Event format | Syslog |
| Supported event types | All events |
| Automatically discovered? | Yes |
| Included identity? | Yes |
| More information | Bit9 website (http://www.bit9.com) |
To integrate Bit9 Security Platform with QRadar, complete the following steps:
- If automatic updates are not enabled, download the most recent version of the Bit9 Security Platform DSM RPM.
- Configure your Bit9 Security Platform device to enable communication with QRadar. You must create a syslog destination and forwarding policy on the Bit9 Security Platform device.
- If QRadar does not automatically detect Bit9 Security Platform as a log source, create a Bit9 Security Platform log source on the QRadar Console.
Use the following Bit9 Security Platform values to configure the log source parameters:
| Parameter | Value |
|---|---|
| Log Source Identifier | The IP address or host name of the Bit9 Security Platform device |
| Log Source Type | Bit9 Security Platform |
| Protocol Configuration | Syslog |