WatchGuard Fireware OS
The IBM QRadar DSM for WatchGuard Fireware OS can collect event logs from your WatchGuard Fireware OS.
The following table identifies the specifications for the WatchGuard
Fireware OS DSM:
| Specification | Value |
|---|---|
| Manufacturer | WatchGuard |
| DSM name | WatchGuard Fireware OS |
| RPM file name | DSM-WatchGuardFirewareOS-QRadar-version-Build_number.noarch.rpm |
| Supported versions | Fireware XTM OS v11.9 and later |
| Event format | syslog |
| QRadar recorded event types | All events |
| Automatically discovered? | Yes |
| Includes identity? | No |
| More information | WatchGuard Website (http://www.watchguard.com/) |
To integrate the WatchGuard Fireware OS with QRadar,
use the following steps:
- If automatic updates are not enabled, download and install the most recent versions of the
following RPMs from the IBM® Support Website onto your QRadar Console.
- DSMCommon RPM
- WatchGuard Fireware OS RPM
- For each instance of WatchGuard Fireware OS, configure your WatchGuard Fireware OS appliance to enable communication with QRadar. You can use one the following procedures:
- If QRadar does not automatically discover the WatchGuard Fireware OS log source, create a log source for each instance of WatchGuard Fireware OS on your network. For more information about configuring the log source, see Syslog log source parameters for WatchGuard Fireware OS.