Enterprise-IT-Security.com SF-Sherlock

The IBM QRadar DSM for Enterprise-IT-Security.com SF-Sherlock collects logs from your Enterprise-IT-Security.com SF-Sherlock servers.

The following table describes the specifications for the Enterprise-IT-Security.com SF-Sherlock DSM:

Table 1. Enterprise-IT-Security.com SF-Sherlock DSM specifications

| Specification | Value |
| --- | --- |
| Manufacturer | Enterprise-IT-Security.com |
| DSM name | Enterprise-IT-Security.com SF-Sherlock |
| RPM file name | DSM-EnterpriseITSecuritySFSherlock-Qradar_version-build_number.noarch.rpm |
| Supported versions | v8.1 and later |
| Event format | Log Event Extended Format (LEEF) |
| Recorded event types | All_Checks, DB2_Security_Configuration, JES_Configuration, Job_Entry_System_Attack, Network_Parameter, Network_Security, No_Policy, Resource_Access_Viol, Resource_Allocation, Resource_Protection, Running_System_Change, Running_System_Security, Running_System_Status, Security_Dbase_Scan, Security_Dbase_Specialty, Security_Dbase_Status, Security_Parm_Change, Security_System_Attack, Security_System_Software, Security_System_Status, SF-Sherlock, Sherlock_Diverse, Sherlock_Information, Sherlock_Specialties, Storage_Management, Subsystem_Scan, Sysplex_Security, Sysplex_Status, System_Catalog, System_File_Change, System_File_Security, System_File_Specialty, System_Log_Monitoring, System_Module_Security, System_Process_Security, System_Residence, System_Tampering, System_Volumes, TSO_Status, UNIX_OMVS_Security, UNIX_OMVS_System, User_Defined_Monitoring, xx_Resource_Prot_Templ |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | Enterprise-IT-Security website (http://www.enterprise-it-security.com) |

To integrate Enterprise-IT-Security.com SF-Sherlock with QRadar, complete the following steps:
  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM® Support Website onto your QRadar Console:
    • Enterprise-IT-Security.com SF-Sherlock DSM RPM
    • DSM Common RPM
  2. Configure your Enterprise-IT-Security.com SF-Sherlock device to send syslog events to QRadar.
  3. If QRadar does not automatically detect the log source, add an Enterprise-IT-Security.com SF-Sherlock log source on the QRadar Console. The following table describes the parameters that require specific values for Enterprise-IT-Security.com SF-Sherlock event collection:

    Table 2. Enterprise-IT-Security.com SF-Sherlock log source parameters

    | Parameter | Value |
    | --- | --- |
    | Log Source type | Enterprise-IT-Security.com SF-Sherlock |
    | Protocol Configuration | Syslog |