Suricata
The IBM QRadar DSM for Suricata collects Syslog events from a Suricata device.
To integrate Suricata with QRadar, complete the following steps:
- If automatic updates are not enabled, RPMs are available for download from the IBM support website (https://www.ibm.com/support). Download and install the most recent version of the following RPMs on your QRadar Console:
  - TLS Syslog Protocol RPM
  - Suricata DSM RPM
- Configure your Suricata device to send events to QRadar. For more information, see Configuring Suricata to communicate with QRadar.
- If QRadar does not automatically detect the log source, add a Suricata log source on the QRadar Console.