Epic SIEM

The IBM QRadar DSM for Epic SIEM can collect event logs from your Epic SIEM.

The following table identifies the specifications for the Epic SIEM DSM:
Table 1. Epic SIEM DSM specifications
Specification Value
Manufacturer Epic
DSM name Epic SIEM
RPM file name DSM-EpicSIEM-QRadar_version-build_number.noarch.rpm
Supported versions Epic 2014, Epic 2015, Epic 2017, Epic 2022
Event format LEEF
Recorded event types

Audit

Authentication

Automatically discovered? Yes
Includes identity? Yes
Includes custom properties? No
More information Epic website
To integrate Epic SIEM DSM with QRadar, complete the following steps:
  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM® Support Website onto your QRadar Console:
    • Epic SIEM DSM RPM
    • DSMCommon RPM
  2. Configure your Epic SIEM device to send syslog events to QRadar.
  3. If QRadar does not automatically detect the log source, add an Epic SIEM log source on the QRadar Console. The following table describes the parameters that require specific values for Epic SIEM event collection:
    Table 2. Epic SIEM log source parameters
    Parameter Value
    Log Source type Epic SIEM
    Protocol Configuration Syslog