IBM® QRadar® DSM for Cisco IronPort retrieves logs from the following Cisco products: Cisco IronPort, Cisco Email Security Appliance (ESA), and Cisco Web Security Appliance (WSA). The Cisco IronPort DSM retrieves web content filtering events (W3C format), Text Mail Logs, and System Logs.
To integrate Cisco IronPort with QRadar, complete the following steps:
- If automatic updates are not enabled, download and install the most recent version of the
following RPMs from the IBM Support Website (https://www.ibm.com/support/fixcentral/) onto your QRadar
- Log File Protocol RPM
- Cisco IronPort DSM RPM
- Configure Cisco IronPort to communicate with QRadar.
- Optional: Add a Cisco IronPort log source by using the Log File protocol.
- Optional: Add a Cisco IronPort log source by using the Syslog protocol.