Cloudera Navigator

The IBM® QRadar® DSM for Cloudera Navigator collects events from Cloudera Navigator.

The following table identifies the specifications for the Cloudera Navigator DSM:
Table 1. Cloudera Navigator DSM specifications
Specification Value
Manufacturer Cloudera
DSM name Cloudera Navigator
RPM file name DSM-ClouderaNavigator-Qradar_version-build_number.noarch.rpm
Supported versions v2.0
Protocol Syslog
Recorded event types Audit events for HDFS, HBase, Hive, Hue, Cloudera Impala, Sentry
Automatically discovered? Yes
Includes identity? No
Includes custom properties? No
More information Cloudera Navigator website (www.cloudera.com)
To integrate Cloudera Navigator with QRadar, complete the following steps:
  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM Support Website onto your QRadar Console:
    • Cloudera Navigator DSM RPM
  2. Configure your Cloudera Navigator device to send syslog events to QRadar.
  3. If QRadar does not automatically detect the log source, add a Cloudera Navigator log source on the QRadar Console. The following table describes the parameters that require specific values for Cloudera Navigator event collection:
    Table 2. Cloudera Navigator log source parameters
    Parameter Value
    Log Source type Cloudera Navigator
    Protocol Configuration Syslog
    Log Source Identifier The IP address or host name in the Syslog header. Use the packet IP address, if the Syslog header does not contain an IP address or host name.