Broadcom Symantec SiteMinder

Broadcom Symantec SiteMinder is formerly known as CA SiteMinder. The name remains as CA SiteMinder in QRadar

The IBM QRadar Symantec SiteMinder DSM collects syslog-ng events from Symantec SiteMinder appliances.

The Symantec SiteMinder DSM collects access and authorization events that are logged in the smaccess.log file, then forwards the events to IBM QRadar by using syslog-ng.

To integrate Symantec SiteMinder with QRadar, complete the following steps:
  1. If automatic updates are not enabled, download the most recent version of the CA SiteMinder DSM RPM from the IBM® support website (https://www.ibm.com/support).
  2. Configure your Symantec SiteMinder appliance to send events to QRadar. For more information, see Configuring syslog-ng for Symantec SiteMinder.
  3. Add a Symantec SiteMinder log source on the QRadar Console.