SafeNet DataSecure

The IBM® QRadar® DSM for SafeNet DataSecure collects syslog events from a SafeNet DataSecure device.

DataSecure maintains activity, such as, record administrative actions, network activity, and cryptography requests. QRadar supports SafeNet DataSecure V6.3.0.

SafeNet DataSecure creates the following event logs:
Activity Log
Contains a record of each request that is received by the key server.
Audit Log
Contains a record of all configuration changes and user input errors that are made to SafeNet KeySecure, whether through the management console or the command-line interface.
Client Event Log
Contains a record of all client requests that have the <RecordEventRequest> element.
System Log
Contains a record of all system events, such as the following events:
  • Service starts, stops, and restarts
  • SNMP traps
  • Hardware failures
  • Successful or failed cluster replication and synchronization
  • Failed log transfers
To integrate SafeNet DataSecure with QRadar, complete the following steps:
  1. Enable syslog on the SafeNet DataSecure device.
  2. QRadar automatically detects SafeNet DataSecure after your system receives 25 events and configures a log source. If QRadar does not automatically discover SafeNet DataSecure, add a log source.