WatchGuard Fireware OS
The IBM® QRadar® DSM for WatchGuard Fireware OS can collect event logs from your WatchGuard Fireware OS.
The following table identifies the specifications for the WatchGuard
Fireware OS DSM:
| Specification | Value |
|---|---|
| Manufacturer | WatchGuard |
| DSM name | WatchGuard Fireware OS |
| RPM file name | DSM-WatchGuardFirewareOS-QRadar-version-Build_number.noarch.rpm |
| Supported versions | Fireware XTM OS v11.9 and later |
| Event format | syslog |
| QRadar recorded event types | All events |
| Automatically discovered? | Yes |
| Includes identity? | No |
| More information | WatchGuard Website (http://www.watchguard.com/) |
To integrate the WatchGuard Fireware OS with QRadar,
use the following steps:
- If automatic updates are not enabled, download and install the most recent versions of the
following RPMs from the IBM Support Website onto your QRadar Console.
- DSMCommon RPM
- WatchGuard Fireware OS RPM
- For each instance of WatchGuard Fireware OS, configure your WatchGuard Fireware OS appliance to enable communication with QRadar. You can use one the following procedures:
- If QRadar does not automatically discover the WatchGuard Fireware OS log source, create a log source for each instance of WatchGuard Fireware OS on your network. For more information about configuring the log source, see Syslog log source parameters for WatchGuard Fireware OS.