To retriev events in IBM
QRadar, you must configure your
TippingPoint X505/X506 device to send events to QRadar.
Procedure
-
Log in to your TippingPoint X505/X506 device.
-
From the LSM menu, select .
The Syslog Servers window is displayed.
-
For each log type you want to forward, select a check box and type the IP address of your QRadar.
Note: If your QRadar is in a
different subnet than your TippingPoint device, you might have to add static routes. For more
information, see your vendor documentation.
You are now ready to configure the log source in QRadar.
-
To configure QRadar to
receive events from a TippingPoint X505/X506 device: From the Log Source Type
list, select the TippingPoint X Series Appliances option.
Note: If you have a previously configured TippingPoint X505/X506 DSM installed and configured on
your QRadar, the TippingPoint
X Series Appliances option is still displayed in the Log Source Type list.
However, for any new TippingPoint X505/X506 DSM that you configure, you must select the
TippingPoint Intrusion Prevention System (IPS) option.