SafeNet DataSecure
The IBM QRadar DSM for SafeNet DataSecure collects syslog events from a SafeNet DataSecure device.
DataSecure maintains activity, such as, record administrative actions, network activity, and cryptography requests. QRadar supports SafeNet DataSecure V6.3.0.
SafeNet DataSecure creates the following event logs:
- Activity Log
- Contains a record of each request that is received by the key server.
- Audit Log
- Contains a record of all configuration changes and user input errors that are made to SafeNet KeySecure, whether through the management console or the command-line interface.
- Client Event Log
- Contains a record of all client requests that have the <RecordEventRequest> element.
- System Log
- Contains a record of all system events, such as the following events:
- Service starts, stops, and restarts
- SNMP traps
- Hardware failures
- Successful or failed cluster replication and synchronization
- Failed log transfers
To integrate SafeNet DataSecure with QRadar, complete the following steps:
- Enable syslog on the SafeNet DataSecure device.
- QRadar automatically detects SafeNet DataSecure after your system receives 25 events and configures a log source. If QRadar does not automatically discover SafeNet DataSecure, add a log source.