Configuring your TippingPoint X505/X506 device to communicate with QRadar

To retrieve events in IBM QRadar, you must configure your TippingPoint X505/X506 device to send events to QRadar.

Procedure

  1. Log in to your TippingPoint X505/X506 device.
  2. From the LSM menu, select System > Configuration > Syslog Servers.

    The Syslog Servers window is displayed.

  3. For each log type you want to forward, select a check box and type the IP address of your QRadar.
    Note: If your QRadar is in a different subnet than your TippingPoint device, you might have to add static routes. For more information, see your vendor documentation.

    You are now ready to configure the log source in QRadar.

  4. To configure QRadar to receive events from a TippingPoint X505/X506 device: From the Log Source Type list, select the TippingPoint X Series Appliances option.
    Note: If you have a previously configured TippingPoint X505/X506 DSM installed and configured on your QRadar, the TippingPoint X Series Appliances option is still displayed in the Log Source Type list. However, for any new TippingPoint X505/X506 DSM that you configure, you must select the TippingPoint Intrusion Prevention System (IPS) option.