Configuring Cisco CSA to send events to IBM QRadar

Configuration of your Cisco CSA server to forward events.

About this task

Take the following steps to configure your Cisco CSA server to forward events:

Procedure

  1. Open the Cisco CSA user interface.
  2. Select Events > Alerts.
  3. Click New.

    The Configuration View window is displayed.

  4. Type in values for the following parameters:
    • Name - Type a name that you want to assign to your configuration.
    • Description - Type a description for the configuration. This step is not a requirement.
  5. From the Send Alerts, select the event set from the list to generate alerts.
  6. Select the SNMP check box.
  7. Type a Community name.

    The Community name that is entered in the CSA user interface must match the Community name that is configured on IBM QRadar. This option is only available for the SNMPv2 protocol.

  8. For the Manager IP address parameter, type the IP address of QRadar.
  9. Click Save.

    You are now ready to configure the log source in QRadar.