CloudPassage Halo
The CloudPassage Halo DSM for IBM QRadar can collect event logs from the CloudPassage Halo account.
The following table identifies the specifications for the CloudPassage
Halo DSM:
| Specification | Value |
|---|---|
| Manufacturer | CloudPassage |
| DSM name | CloudPassage Halo |
| RPM file name | DSM-CloudPassageHalo-build_number.noarch.rpm |
| Supported versions | All |
| Event format | Syslog, Log file |
| QRadar® recorded event types | All events |
| Automatically discovered? | Yes |
| Included identity? | No |
| More information | CloudPassage website (www.cloudpassage.com) |
To integrate CloudPassage Halo with QRadar,
use the following steps:
- If automatic updates are not enabled, download the latest versions of the following RPMs from
the IBM® Support Website onto your QRadar
Console:
- DSMCommon RPM
- CloudPassage Halo RPM
- Configure your CloudPassage Halo to enable communication with QRadar.
- If QRadar does not automatically detect CloudPassage Halo as a log source, create a CloudPassage Halo log source on the QRadar Console.