Enterprise-IT-Security.com SF-Sherlock
The IBM QRadar DSM for Enterprise-IT-Security.com SF-Sherlock collects logs from your Enterprise-IT-Security.com SF-Sherlock servers.
Specification | Value |
---|---|
Manufacturer | Enterprise-IT-Security.com |
DSM name | Enterprise-IT-Security.com SF-Sherlock |
RPM file name | DSM-EnterpriseITSecuritySFSherlock-Qradar_version-build_number.noarch.rpm |
Supported versions | v8.1 and later |
Event format | Log Event Extended Format (LEEF) |
Recorded event types | All_Checks, DB2_Security_Configuration, JES_Configuration, Job_Entry_System_Attack, Network_Parameter, Network_Security, No_Policy, Resource_Access_Viol, Resource_Allocation, Resource_Protection, Running_System_Change, Running_System_Security, Running_System_Status, Security_Dbase_Scan, Security_Dbase_Specialty, Security_Dbase_Status, Security_Parm_Change, Security_System_Attack, Security_System_Software, Security_System_Status, SF-Sherlock, Sherlock_Diverse, Sherlock_Information, Sherlock_Specialties, Storage_Management, Subsystem_Scan, Sysplex_Security, Sysplex_Status, System_Catalog, System_File_Change, System_File_Security, System_File_Specialty, System_Log_Monitoring, System_Module_Security, System_Process_Security, System_Residence, System_Tampering, System_Volumes, TSO_Status, UNIX_OMVS_Security, UNIX_OMVS_System, User_Defined_Monitoring, xx_Resource_Prot_Templ |
Automatically discovered? | Yes |
Includes identity? | No |
Includes custom properties? | No |
More information | Enterprise-IT-Security website (http://www.enterprise-it-security.com) |
- If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM® Support Website onto your QRadar Console:
  - Enterprise-IT-Security.com SF-Sherlock DSM RPM
  - DSM Common RPM
- Configure your Enterprise-IT-Security.com SF-Sherlock device to send syslog events to QRadar.
- If QRadar does not automatically detect the log source, add an Enterprise-IT-Security.com SF-Sherlock log source on the QRadar Console. The following table describes the parameters that require specific values for Enterprise-IT-Security.com SF-Sherlock event collection:
Table 2. Enterprise-IT-Security.com SF-Sherlock log source parameters

Parameter | Value |
---|---|
Log Source type | Enterprise-IT-Security.com SF-Sherlock |
Protocol Configuration | Syslog |
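
When the log source is not detected automatically, it helps to confirm that the syslog lines reaching the collector are well-formed LEEF before changing the log source configuration. The following check is an added example, not code from IBM or Enterprise-IT-Security.com. The sample lines and their vendor and product strings are constructed, and it assumes the LEEF event ID field carries one of the recorded event type names.

```python
import re

# Event types from the "Recorded event types" row of the specification table.
RECORDED_TYPES = set("""
All_Checks DB2_Security_Configuration JES_Configuration Job_Entry_System_Attack
Network_Parameter Network_Security No_Policy Resource_Access_Viol Resource_Allocation
Resource_Protection Running_System_Change Running_System_Security Running_System_Status
Security_Dbase_Scan Security_Dbase_Specialty Security_Dbase_Status Security_Parm_Change
Security_System_Attack Security_System_Software Security_System_Status SF-Sherlock
Sherlock_Diverse Sherlock_Information Sherlock_Specialties Storage_Management
Subsystem_Scan Sysplex_Security Sysplex_Status System_Catalog System_File_Change
System_File_Security System_File_Specialty System_Log_Monitoring System_Module_Security
System_Process_Security System_Residence System_Tampering System_Volumes TSO_Status
UNIX_OMVS_Security UNIX_OMVS_System User_Defined_Monitoring xx_Resource_Prot_Templ
""".split())

def parse_leef(line):
    """Return header fields and attributes of a LEEF 1.0/2.0 line, or None if malformed."""
    start = line.find("LEEF:")
    version = line[start + 5:].split("|", 1)[0] if start >= 0 else None
    if version not in ("1.0", "2.0"):
        return None
    nfields = 5 if version == "1.0" else 6   # LEEF 2.0 adds a delimiter field
    parts = line[start:].split("|", nfields)
    if len(parts) != nfields + 1:
        return None
    delim = "\t"                             # default attribute separator
    if version == "2.0" and parts[5]:
        # The delimiter is one literal character or its hex code (x5E or 0x5E).
        m = re.fullmatch(r"0?x([0-9A-Fa-f]{1,4})", parts[5])
        delim = chr(int(m.group(1), 16)) if m else parts[5][0]
    attrs = dict(p.split("=", 1) for p in parts[-1].split(delim) if "=" in p)
    return {"version": version, "vendor": parts[1], "product": parts[2],
            "event_id": parts[4], "attrs": attrs}

def check(line):
    ev = parse_leef(line)
    if ev is None:
        return "not LEEF"
    # Assumption: the event ID header field holds the event type name.
    return "ok" if ev["event_id"] in RECORDED_TYPES else "unlisted event type"

# Constructed sample lines; vendor, product, host and attribute values are placeholders.
SAMPLES = [
    "<13>Jan 12 10:15:02 zos1 LEEF:1.0|ExampleVendor|ExampleProduct|8.1|System_File_Change|usrName=USER01\tresource=SYS1.PARMLIB",
    "<13>Jan 12 10:15:03 zos1 LEEF:2.0|ExampleVendor|ExampleProduct|8.1|System_Tampering|x5E|usrName=USER01^sev=8",
    "<13>Jan 12 10:15:04 zos1 SF-Sherlock check completed",
]
```

Running `check` over a capture of the forwarded syslog traffic separates lines that are not LEEF at all from lines that parse but carry an event type outside the list above.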