CloudLock Cloud Security Fabric
The IBM QRadar DSM for CloudLock Cloud Security Fabric collects events from the CloudLock Cloud Security Fabric service.
The following table describes the specifications for the CloudLock Cloud Security Fabric
DSM:
Specification | Value |
---|---|
Manufacturer | CloudLock |
DSM name | CloudLock Cloud Security Fabric |
RPM file name | DSM-CloudLockCloudSecurityFabric-Qradar_version-build_number.noarch.rpm |
Supported versions | NA |
Protocol | Syslog |
Event format | Log Event Extended Format (LEEF) |
Recorded event types | Incidents |
Automatically discovered? | Yes |
Includes identity? | No |
Includes custom properties? | No |
More information | Cloud Cybersecurity (https://www.cloudlock.com/products/) |
To integrate CloudLock Cloud Security Fabric with QRadar, complete the following steps:
- If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM® Support Website onto your QRadar Console in the order that they are listed:
  - DSMCommon RPM
  - CloudLock Cloud Security Fabric DSM RPM
- Configure your CloudLock Cloud Security Fabric service to send Syslog events to QRadar.
- If QRadar does not automatically detect the log source, add a CloudLock Cloud Security Fabric log source on the QRadar Console. The following table describes the parameters that require specific values for CloudLock Cloud Security Fabric event collection:

Table 2. CloudLock Cloud Security Fabric log source parameters

Parameter | Value |
---|---|
Log Source type | CloudLock Cloud Security Fabric |
Protocol Configuration | Syslog |
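
The specifications above name LEEF over Syslog as the event format. The following added example, which is not IBM's or CloudLock's code, parses LEEF 1.0 and 2.0 lines so that captured syslog traffic can be checked for a well-formed LEEF header and attributes before you troubleshoot the log source. The sample lines are constructed, and their vendor, product, event ID, and attribute values are placeholders.

```python
import re

# Constructed sample lines, NOT real CloudLock output: the vendor, product,
# event ID and attribute values are placeholders invented for this example.
SAMPLES = [
    "<13>Jan 18 11:07:53 host1 LEEF:1.0|ExampleVendor|ExampleProduct|1.0|"
    "EXAMPLE_INCIDENT|sev=5\tusrName=alice@example.test\tcat=incident",
    "<13>Jan 18 11:08:10 host1 LEEF:2.0|ExampleVendor|ExampleProduct|1.0|"
    "EXAMPLE_INCIDENT|^|sev=5^usrName=bob@example.test",
    "<13>Jan 18 11:09:00 host1 incident sev=5",  # plain syslog, no LEEF header
]

def parse_leef(line):
    """Split one syslog line into (LEEF header dict, attribute dict)."""
    start = line.find("LEEF:")
    if start < 0:
        raise ValueError("no LEEF header")
    fields = line[start + len("LEEF:"):].rstrip("\r\n").split("|", 5)
    if len(fields) < 6 or fields[0] not in ("1.0", "2.0"):
        raise ValueError("malformed or unsupported LEEF header")
    version, vendor, product, product_version, event_id, rest = fields
    delim = "\t"  # LEEF 1.0 attributes are always tab-separated
    if version == "2.0":
        # LEEF 2.0 may name the delimiter: one character, or hex (x09, 0x5E).
        m = re.match(r"(0?x[0-9A-Fa-f]{1,4}|[^|])\|", rest)
        if m:
            spec = m.group(1)
            delim = spec if len(spec) == 1 else chr(int(spec.split("x", 1)[1], 16))
            rest = rest[m.end():]
    attrs = {}
    for pair in filter(None, rest.split(delim)):
        key, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"attribute without '=': {pair!r}")
        attrs[key] = value
    header = {"leef_version": version, "vendor": vendor, "product": product,
              "product_version": product_version, "event_id": event_id}
    return header, attrs

def check(lines):
    """Return one (is_leef, detail) tuple per line, for a quick triage."""
    results = []
    for line in lines:
        try:
            header, attrs = parse_leef(line)
            results.append((True, f"{header['event_id']} {sorted(attrs)}"))
        except ValueError as exc:
            results.append((False, str(exc)))
    return results
```

Call `check()` on lines captured from the sender; any line reported as `False` would not be recognized as LEEF by this parser.
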
The following table provides a sample event message for the CloudLock Cloud Security Fabric
DSM:
Event name | Low level category | Sample log message |
---|---|---|
New Incident | Suspicious Activity |
|