Configuring Carbon Black Bit9 Security Platform to communicate with QRadar

Configure your Carbon Black Bit9 Security Platform device to forward events to IBM QRadar in LEEF format.

Procedure

  1. Log in to the Carbon Black Bit9 Security Platform console with Administrator or PowerUser privileges.
  2. From the navigation menu, select Administration > System Configuration.
  3. Click Server Status and click Edit.
  4. In the Syslog address field, type the IP address of your QRadar Console or Event Collector.
  5. From the Syslog format list, select LEEF (Q1Labs).
  6. Select the Syslog enabled check box and click Update.