SolarWinds Orion

The IBM QRadar DSM for SolarWinds Orion collects events from a SolarWinds Orion appliance.

The following table describes the specifications for the SolarWinds Orion DSM:
Table 1. SolarWinds Orion DSM specifications
| Specification | Value |
|---|---|
| Manufacturer | SolarWinds |
| DSM name | SolarWinds Orion |
| RPM file name | DSM-SolarWindsOrion-QRadar_version-build_number.noarch.rpm |
| Supported versions | 2013.2.0 |
| Protocol | SNMPv2, SNMPv3 |
| Event format | name-value pair (NVP) |
| Recorded event types | All events |
| Automatically discovered? | No |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | For more information, see the SolarWinds Orion website (https://www.solarwinds.com/orion). |

To integrate SolarWinds Orion with QRadar, complete the following steps:
  1. If automatic updates are not enabled, RPMs are available for download from the IBM support website (http://www.ibm.com/support). Download and install the most recent version of the SolarWinds Orion DSM RPM on your QRadar Console.
  2. Configure your SolarWinds Orion device to send events to QRadar.
  3. Add a SolarWinds Orion log source on the QRadar Console.
  4. Verify that QRadar is configured correctly.
    The following table shows a normalized sample event message from SolarWinds Orion:
    Table 2. SolarWinds Orion sample message
    | Event name | Low level category | Sample log message |
    |---|---|---|
    | Domain controller UnManaged | Warning | 1.3.6.1.2.1.1.3.0=0:00:00.00	1.3.6.1.6.3.1.1.4.1.0=1.3.6.1.4.1.11307.10	1.3.6.1.6.3.1.1.4.3.0=1.3.6.1.4.1.11307	1.3.6.1.4.1.11307.10.2=hostname	1.3.6.1.4.1.11307.10.3=127.0.0.1	1.3.6.1.4.1.11307.10.4=2466	1.3.6.1.4.1.11307.10.5=hostname	1.3.6.1.4.1.11307.10.6=Node	1.3.6.1.4.1.11307.10.7=2466	1.3.6.1.4.1.11307.10.1=InfoSec - EMAIL ONLY - Domain Controller UnManaged - hostname - Status = Unknown	1.3.6.1.4.1.11307.10.8=InfoSec -EMAIL ONLY - Domain Controller UnManaged hostname is Unknown. |
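
The sample message in Table 2 is a tab-separated list of OID=value pairs, and one of its values contains its own "=" ("Status = Unknown"). The following is an added example, not IBM or SolarWinds code, that parses such a payload and checks that a trap originates under the enterprise prefix seen in the sample; the function names are hypothetical, and treating 1.3.6.1.4.1.11307 as the Orion prefix is an assumption based on that sample.

```python
# Standard SNMPv2 trap varbinds (SNMPv2-MIB) and the enterprise prefix in the sample.
SYS_UPTIME = "1.3.6.1.2.1.1.3.0"
SNMP_TRAP_OID = "1.3.6.1.6.3.1.1.4.1.0"
SNMP_TRAP_ENTERPRISE = "1.3.6.1.6.3.1.1.4.3.0"
ORION_PREFIX = "1.3.6.1.4.1.11307"  # assumption: taken from the Table 2 sample

# Sample log message from Table 2: tab-separated OID=value pairs.
SAMPLE = "\t".join([
    "1.3.6.1.2.1.1.3.0=0:00:00.00",
    "1.3.6.1.6.3.1.1.4.1.0=1.3.6.1.4.1.11307.10",
    "1.3.6.1.6.3.1.1.4.3.0=1.3.6.1.4.1.11307",
    "1.3.6.1.4.1.11307.10.2=hostname", "1.3.6.1.4.1.11307.10.3=127.0.0.1",
    "1.3.6.1.4.1.11307.10.4=2466", "1.3.6.1.4.1.11307.10.5=hostname",
    "1.3.6.1.4.1.11307.10.6=Node", "1.3.6.1.4.1.11307.10.7=2466",
    "1.3.6.1.4.1.11307.10.1=InfoSec - EMAIL ONLY - Domain Controller "
    "UnManaged - hostname - Status = Unknown",
    "1.3.6.1.4.1.11307.10.8=InfoSec -EMAIL ONLY - Domain Controller "
    "UnManaged hostname is Unknown.",
])

def is_oid(text):
    parts = text.split(".")
    return len(parts) > 1 and all(p.isdigit() for p in parts)

def parse_nvp(payload):
    """Split a tab-separated NVP payload into an {oid: value} dict."""
    pairs = {}
    for field in payload.split("\t"):
        if not field.strip():
            continue
        # Split on the first "=" only: values like "Status = Unknown" contain "=".
        oid, sep, value = field.partition("=")
        if not sep or not is_oid(oid.strip()):
            raise ValueError(f"malformed name-value pair: {field!r}")
        pairs[oid.strip()] = value.strip()
    return pairs

def is_orion_trap(pairs):
    """True if both the trap OID and enterprise OID sit under the Orion prefix."""
    ids = (pairs.get(SNMP_TRAP_OID, ""), pairs.get(SNMP_TRAP_ENTERPRISE, ""))
    return all((i + ".").startswith(ORION_PREFIX + ".") for i in ids)

def orion_varbinds(pairs):
    """Vendor varbinds only, keyed by the OID suffix below the prefix."""
    return {oid[len(ORION_PREFIX) + 1:]: value
            for oid, value in pairs.items() if oid.startswith(ORION_PREFIX + ".")}
```

Running `parse_nvp` over a payload captured on the wire or from the QRadar Log Activity tab gives a quick check that the fields arriving match the sample format before troubleshooting the log source itself.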