Suricata

The IBM QRadar DSM for Suricata collects Syslog events from a Suricata device.

To integrate Suricata with QRadar, complete the following steps:

  1. If automatic updates are not enabled, RPMs are available for download from the IBM support website (https://www.ibm.com/support). Download and install the most recent version of the following RPMs on your QRadar Console:
    • TLS Syslog Protocol RPM
    • Suricata DSM RPM
  2. Configure your Suricata device to send events to QRadar. For more information, see Configuring Suricata to communicate with QRadar.
  3. If QRadar does not automatically detect the log source, add a Suricata log source on the QRadar Console.
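The procedure above ends at "configure your Suricata device to send events"; the following is an added example, not IBM's or Suricata's own code, of what that step involves on the wire. It assumes Suricata writes EVE JSON records (one per line) that you want delivered to the QRadar TLS Syslog listener, wraps each record in an RFC 5424 header, applies the octet-counting framing used for syslog over TLS (RFC 5425), and skips malformed lines rather than aborting the feed. The host, port, facility and severity mapping are placeholders and assumptions chosen for the example, not values from the page.

```python
"""Forward Suricata EVE JSON records to a QRadar TLS Syslog listener.

Added example for this page; it is not IBM's or Suricata's own code. It
assumes Suricata writes EVE JSON (one record per line) and that QRadar is
listening with the TLS Syslog protocol. QRADAR_HOST / QRADAR_PORT below are
placeholders.
"""
import json
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample record in Suricata EVE format (not a real capture).
SAMPLE_EVE_ALERT = {
    "timestamp": "2024-01-15T10:23:45.123456+0000",
    "event_type": "alert",
    "src_ip": "192.0.2.10",
    "src_port": 44321,
    "dest_ip": "198.51.100.20",
    "dest_port": 80,
    "proto": "TCP",
    "alert": {
        "action": "allowed",
        "signature_id": 2100498,
        "signature": "GPL ATTACK_RESPONSE id check returned root",
        "category": "Potentially Bad Traffic",
        "severity": 2,
    },
}

FACILITY_LOCAL0 = 16
# Suricata alert severity (1 = highest) mapped to syslog severity codes.
# This mapping is an assumption chosen for this example.
SEVERITY_MAP = {1: 2, 2: 4, 3: 5, 4: 6}   # crit, warning, notice, info
DEFAULT_SEVERITY = 6                       # non-alert EVE types (flow, dns, ...)


def syslog_priority(record):
    """PRI = facility * 8 + severity, per RFC 5424."""
    sev = DEFAULT_SEVERITY
    if record.get("event_type") == "alert":
        sev = SEVERITY_MAP.get(record.get("alert", {}).get("severity"), 4)
    return FACILITY_LOCAL0 * 8 + sev


def rfc5424_timestamp(ts):
    """Suricata writes offsets like '+0000'; RFC 5424 wants '+00:00'."""
    if len(ts) > 5 and ts[-5] in "+-" and ts[-4:].isdigit():
        return ts[:-2] + ":" + ts[-2:]
    return ts


def format_syslog(record, hostname="suricata-sensor", appname="suricata"):
    """Wrap one EVE record in an RFC 5424 header; the JSON is the MSG part."""
    if "event_type" not in record:
        raise ValueError("not an EVE record: missing event_type")
    ts = rfc5424_timestamp(record.get("timestamp") or
                           datetime.now(timezone.utc).isoformat())
    # Compact separators keep the payload on a single line.
    msg = json.dumps(record, separators=(",", ":"))
    line = f"<{syslog_priority(record)}>1 {ts} {hostname} {appname} - - - {msg}"
    if "\n" in line:
        raise ValueError("newline in record would split the syslog frame")
    return line


def frame_rfc5425(line):
    """Octet-counting framing for syslog over TLS (RFC 5425): LEN SP MSG."""
    payload = line.encode("utf-8")
    return f"{len(payload)} ".encode("ascii") + payload


def parse_eve_lines(lines):
    """Yield parsed EVE records; blank or malformed lines are skipped, not fatal."""
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict) and "event_type" in rec:
            yield rec


def send_to_qradar(host, port, records, cafile=None):
    """Open a verified TLS session and stream framed records to QRadar."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=10) as raw_sock:
        with ctx.wrap_socket(raw_sock, server_hostname=host) as tls:
            for rec in records:
                tls.sendall(frame_rfc5425(format_syslog(rec)))


if __name__ == "__main__":
    QRADAR_HOST = "qradar.example.invalid"   # placeholder
    QRADAR_PORT = 6514                       # placeholder; match the log source
    send_to_qradar(QRADAR_HOST, QRADAR_PORT,
                   parse_eve_lines([json.dumps(SAMPLE_EVE_ALERT)]))
```

Because the TLS context is created with `ssl.create_default_context`, the QRadar certificate is verified against the system trust store (or the `cafile` you pass); a self-signed listener certificate will fail the handshake until its CA is supplied, which is the desired behaviour for an event feed.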