SolarWinds Orion
The IBM QRadar DSM for SolarWinds Orion collects events from a SolarWinds Orion appliance.
The following table describes the specifications for the SolarWinds Orion DSM:
Specification | Value |
---|---|
Manufacturer | SolarWinds |
DSM name | SolarWinds Orion |
RPM file name | DSM-SolarWindsOrion-QRadar_version-build_number.noarch.rpm |
Supported versions | 2013.2.0 |
Protocol | SNMPv2, SNMPv3 |
Event format | name-value pair (NVP) |
Recorded event types | All events |
Automatically discovered? | No |
Includes identity? | No |
Includes custom properties? | No |
More information | For more information, see the SolarWinds Orion website (https://www.solarwinds.com/orion). |
To integrate SolarWinds Orion with QRadar, complete the following steps:
- If automatic updates are not enabled, RPMs are available for download from the IBM support website (http://www.ibm.com/support). Download and install the most recent version of the SolarWinds Orion DSM RPM on your QRadar Console.
- Configure your SolarWinds Orion device to send events to QRadar.
- Add a SolarWinds Orion log source on the QRadar Console.
- Verify that QRadar is configured correctly.

The following table shows a normalized sample event message from SolarWinds Orion:
Table 2. SolarWinds Orion sample message
Event name | Low level category | Sample log message |
---|---|---|
Domain controller UnManaged | Warning | 1.3.6.1.2.1.1.3.0=0:00:00.00 1.3.6.1.6.3.1.1.4.1.0=1.3.6.1.4.1.11307.10 1.3.6.1.6.3.1.1.4.3.0=1.3.6.1.4.1.11307 1.3.6.1.4.1.11307.10.2=hostname 1.3.6.1.4.1.11307.10.3=127.0.0.1 1.3.6.1.4.1.11307.10.4=2466 1.3.6.1.4.1.11307.10.5=hostname 1.3.6.1.4.1.11307.10.6=Node 1.3.6.1.4.1.11307.10.7=2466 1.3.6.1.4.1.11307.10.1=InfoSec - EMAIL ONLY - Domain Controller UnManaged - hostname - Status = Unknown 1.3.6.1.4.1.11307.10.8=InfoSec -EMAIL ONLY - Domain Controller UnManaged hostname is Unknown. |
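
The sample payload is a space-separated run of OID=value pairs whose values themselves contain spaces and a literal " = ", so splitting on whitespace or on "=" breaks it. The following is an added example, not IBM's DSM parsing code: it splits the payload on OID keys only, with hypothetical function names, and labels the three standard OIDs with their SNMPv2-MIB names.

```python
import re

# Sample payload from Table 2 ("hostname" and 127.0.0.1 are the page's placeholders).
SAMPLE = (
    "1.3.6.1.2.1.1.3.0=0:00:00.00 "
    "1.3.6.1.6.3.1.1.4.1.0=1.3.6.1.4.1.11307.10 "
    "1.3.6.1.6.3.1.1.4.3.0=1.3.6.1.4.1.11307 "
    "1.3.6.1.4.1.11307.10.2=hostname "
    "1.3.6.1.4.1.11307.10.3=127.0.0.1 "
    "1.3.6.1.4.1.11307.10.4=2466 "
    "1.3.6.1.4.1.11307.10.5=hostname "
    "1.3.6.1.4.1.11307.10.6=Node "
    "1.3.6.1.4.1.11307.10.7=2466 "
    "1.3.6.1.4.1.11307.10.1=InfoSec - EMAIL ONLY - Domain Controller UnManaged"
    " - hostname - Status = Unknown "
    "1.3.6.1.4.1.11307.10.8=InfoSec -EMAIL ONLY - Domain Controller UnManaged"
    " hostname is Unknown."
)

# A key is a dotted-decimal OID at the start of the payload or right after
# whitespace, followed by "=". Dotted values such as 127.0.0.1 follow "=" and
# " = " inside a value has no OID in front of it, so neither is taken as a key.
KEY_RE = re.compile(r"(?:^|\s)(\d+(?:\.\d+)+)=")

# Names from SNMPv2-MIB; the vendor OIDs are left unnamed on purpose.
STANDARD_OIDS = {
    "1.3.6.1.2.1.1.3.0": "sysUpTime.0",
    "1.3.6.1.6.3.1.1.4.1.0": "snmpTrapOID.0",
    "1.3.6.1.6.3.1.1.4.3.0": "snmpTrapEnterprise.0",
}

def parse_nvp(payload):
    """Return {oid: value}; each value runs up to the next OID key."""
    keys = list(KEY_RE.finditer(payload))
    fields = {}
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(payload)
        fields[m.group(1)] = payload[m.end():end].strip()
    return fields

def split_trap(payload):
    """Separate the standard trap varbinds from those under the enterprise OID."""
    fields = parse_nvp(payload)
    named = {STANDARD_OIDS[k]: v for k, v in fields.items() if k in STANDARD_OIDS}
    prefix = named.get("snmpTrapEnterprise.0", "") + "."
    vendor = {k: v for k, v in fields.items() if len(prefix) > 1 and k.startswith(prefix)}
    return named, vendor
```

A value that itself contains whitespace followed by a dotted number and "=" would still be split at that point; the sample message has no such value.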