Tripwire

The Tripwire DSM accepts resource additions, removal, and modification events by using syslog.

Procedure

  1. Log in to the Tripwire interface.
  2. On the left navigation, click Actions.
  3. Click New Action.
  4. Configure the new action.
  5. Select Rules and click the rule that you want to monitor.
  6. Select the Actions tab.
  7. Make sure that the new action is selected.
  8. Click OK.
  9. Repeat Tripwire to Tripwire for each rule you want to monitor.
    You are now ready to configure the log source in QRadar.
  10. To configure QRadar to receive events from a Tripwire device: From the Log Source Type list, select the Tripwire Enterprise option.

    For more information about your Tripwire device, see your vendor documentation.