Carbon Black Bit9 Parity
To collect events, you must configure your Carbon Black Bit9 Parity device to forward syslog events in Log Event Extended Format (LEEF).
- Log in to the Carbon Black Bit9 Parity console with Administrator or PowerUser privileges.
- From the navigation menu on the left side of the console,
The System Configuration window is displayed.
- Click Server Status.
The Server Status window is displayed.
- Click Edit.
- In the Syslog address field, type the IP address of your QRadar® Console or Event Collector.
- From the Syslog format list, select LEEF (Q1Labs).
- Select the Syslog enabled check box.
- Click Update.
The configuration is complete. QRadar automatically discovers Carbon Black Bit9 Parity events and adds the log source. Events that Carbon Black Bit9 Parity forwards to QRadar are displayed on the Log Activity tab of QRadar.
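To confirm that the Syslog format setting took effect, you can check captured syslog lines for a valid LEEF header before relying on auto-discovery. The following Python sketch is an added example, not part of the IBM or Carbon Black documentation; the sample lines are constructed, and the host name, vendor, product, event ID and attribute values in them are placeholders.

```python
import re

# LEEF header: LEEF:<version>|<vendor>|<product>|<product version>|<event ID>|
# LEEF 2.0 adds one more field naming the attribute delimiter (default: tab).
HEADER = re.compile(
    r"LEEF:(1\.0|2\.0)\|([^|]*)\|([^|]*)\|([^|]*)\|([^|]*)\|(.*)$", re.DOTALL)
DELIM = re.compile(r"^(?:0?x([0-9A-Fa-f]{2,4})|(.?))$")  # "x5E", "0x5E", "^" or empty


def parse_leef(line):
    """Parse one syslog line; return a dict, or None if the payload is not LEEF."""
    m = HEADER.search(line)
    if m is None:
        return None
    version, vendor, product, product_version, event_id, rest = m.groups()
    delim = "\t"
    if version == "2.0":
        head, sep, tail = rest.partition("|")
        d = DELIM.match(head) if sep else None
        if d:  # a well-formed delimiter field is present
            delim = chr(int(d.group(1), 16)) if d.group(1) else (d.group(2) or "\t")
            rest = tail
    attrs = {}
    for pair in rest.rstrip("\r\n").split(delim):
        key, eq, value = pair.partition("=")
        if eq and key:
            attrs[key.strip()] = value
    return {"version": version, "vendor": vendor, "product": product,
            "product_version": product_version, "event_id": event_id, "attrs": attrs}


def non_leef_lines(lines):
    """Return the 1-based positions of lines that did not parse as LEEF."""
    return [i for i, line in enumerate(lines, 1) if parse_leef(line) is None]


# Constructed sample capture; every value below is a placeholder.
SAMPLE = [
    "<134>Jan 12 10:15:02 parity01 LEEF:1.0|ExampleVendor|ExampleProduct|1.0|"
    "EXAMPLE_EVENT|src=192.0.2.10\tusrName=alice\tsev=4",
    "<134>Jan 12 10:15:03 parity01 LEEF:2.0|ExampleVendor|ExampleProduct|1.0|"
    "EXAMPLE_EVENT|^|src=192.0.2.10^usrName=bob",
    "<134>Jan 12 10:15:04 parity01 ExampleProduct event: text=not LEEF formatted",
]

if __name__ == "__main__":
    print("non-LEEF lines:", non_leef_lines(SAMPLE))
```

Any line position that this check reports means the sender is still emitting a format other than LEEF, so revisit the Syslog format list on the Server Status page.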