Configuring a database view for Symantec System Center

A database view is required by the JDBC protocol to poll for SSC events.

Procedure

In the Microsoft SQL Server database that is used by the SSC device, configure a custom default view to support IBM QRadar:
Note: The database name must not contain any spaces.

  • CREATE VIEW dbo.vw_qradar AS SELECT

  • dbo.alerts.Idx AS idx,

  • dbo.inventory.IP_Address AS ip,

  • dbo.inventory.Computer AS computer_name,

  • dbo.virus.Virusname AS virus_name,

  • dbo.alerts.Filepath AS filepath,

  • dbo.alerts.NoOfViruses AS no_of_virus,

  • dbo.actualaction.Actualaction AS [action],

  • dbo.alerts.Alertdatetime AS [date],

  • dbo.clientuser.Clientuser AS user_name FROM

  • dbo.alerts INNER JOIN

  • dbo.virus ON dbo.alerts.Virusname_Idx = dbo.virus.Virusname_Idx INNER JOIN

  • dbo.inventory ON dbo.alerts.Computer_Idx = dbo.inventory.Computer_Idx INNER JOIN

  • dbo.actualaction ON dbo.alerts.Actualaction_Idx =

  • dbo.actualaction.Actualaction_Idx INNER JOIN

  • dbo.clientuser ON dbo.alerts.Clientuser_Idx = dbo.clientuser.Clientuser_Idx

What to do next

After you create your custom view, you must configure QRadar to receive event information by using the JDBC protocol.