Exabeam

The IBM QRadar DSM for Exabeam collects events from an Exabeam device.

The following table describes the specifications for the Exabeam DSM:
Table 1. Exabeam DSM specifications
Specification Value
Manufacturer Exabeam
DSM name Exabeam
RPM file name DSM-ExabeamExabeam-QRadar_version-build_number.noarch.rpm
Supported versions 1.7 and v2.0
Recorded event types

Critical

Anomalous

Automatically discovered? Yes
Includes identity? No
Includes custom properties? No
More information Exabeam website (http://www.exabeam.com)
To integrate Exabeam with QRadar, complete the following steps:
  1. If automatic updates are not enabled, download and install the most recent version of the Exabeam DSM RPM from the IBM® Support Website onto your QRadar Console:
  2. Configure your Exabeam device to send syslog events to QRadar.
  3. If QRadar does not automatically detect the log source, add an Exabeam log source on the QRadar Console. The following table describes the parameters that require specific values for Exabeam event collection:
    Table 2. Exabeam log source parameters
    Parameter Value
    Log Source type Exabeam
    Protocol Configuration Syslog