Cloudera Navigator
The IBM® QRadar® DSM for Cloudera Navigator collects events from Cloudera Navigator.
The following table identifies the specifications for the Cloudera Navigator DSM:
Specification | Value |
---|---|
Manufacturer | Cloudera |
DSM name | Cloudera Navigator |
RPM file name | DSM-ClouderaNavigator-Qradar_version-build_number.noarch.rpm |
Supported versions | v2.0 |
Protocol | Syslog |
Recorded event types | Audit events for HDFS, HBase, Hive, Hue, Cloudera Impala, Sentry |
Automatically discovered? | Yes |
Includes identity? | No |
Includes custom properties? | No |
More information | Cloudera Navigator website (www.cloudera.com) |
To integrate Cloudera Navigator with QRadar, complete the following steps:
- If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM Support Website onto your QRadar Console:
  - Cloudera Navigator DSM RPM
- Configure your Cloudera Navigator device to send syslog events to QRadar.
- If QRadar does not automatically detect the log source, add a Cloudera Navigator log source on the QRadar Console. The following table describes the parameters that require specific values for Cloudera Navigator event collection:
Table 2. Cloudera Navigator log source parameters

Parameter | Value |
---|---|
Log Source type | Cloudera Navigator |
Protocol Configuration | Syslog |
Log Source Identifier | The IP address or host name in the Syslog header. Use the packet IP address, if the Syslog header does not contain an IP address or host name. |
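The Log Source Identifier rule above can be checked against a captured event before the log source is created. The following Python sketch is an added example, not IBM or Cloudera code and not QRadar's own parser; the function name, the header patterns (RFC 3164, plus RFC 5424 as a generalization) and the sample events are assumptions constructed for illustration.

```python
import ipaddress
import re

# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOST ...
RFC3164 = re.compile(r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (\S+) ")
# RFC 5424 header: <PRI>VERSION TIMESTAMP HOST ...  ("-" means no host)
RFC5424 = re.compile(r"^<\d{1,3}>\d{1,2} \S+ (\S+) ")
# DNS-style host name: starts and ends with a letter or digit
HOSTNAME = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?$")


def _is_host(token: str) -> bool:
    """True if the token is an IP address or looks like a host name."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return bool(HOSTNAME.match(token))


def log_source_identifier(raw_event: str, packet_ip: str) -> str:
    """Return the value to enter as Log Source Identifier for this event.

    Uses the host field of the syslog header when one is present;
    otherwise falls back to the source IP address of the packet.
    A tag such as "audit:" in the host position is rejected because of
    its trailing colon. A bare tag without a colon cannot be told apart
    from a host name, so inspect such events by hand.
    """
    for pattern in (RFC5424, RFC3164):
        match = pattern.match(raw_event)
        if match and _is_host(match.group(1)):
            return match.group(1)
    return packet_ip


if __name__ == "__main__":
    # Constructed sample events; the payloads are placeholders.
    packet_ip = "192.0.2.15"
    samples = [
        '<14>Mar  3 10:15:02 cdh-nav01 navigator: {"service":"hdfs"}',
        '<14>Mar  3 10:15:02 audit: {"service":"hive"}',
        '<14>{"service":"hbase"}',
    ]
    for event in samples:
        print(log_source_identifier(event, packet_ip), "<-", event)
```

If the value printed for your captured events differs from the identifier configured on the log source, the events are unlikely to be matched to that log source.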