Configuring Carbon Black Bit9 Security Platform to communicate with QRadar
Configure your Carbon Black Bit9 Security Platform device to forward events to IBM QRadar in LEEF format.
Procedure
- Log in to the Carbon Black Bit9 Security Platform console with Administrator or PowerUser privileges.
- From the navigation menu, select Administration > System Configuration.
- Click Server Status and click Edit.
- In the Syslog address field, type the IP address of your QRadar Console or Event Collector.
- From the Syslog format list, select LEEF (Q1Labs).
- Select the Syslog enabled check box and click Update.