Configuring the EMC VMWare protocol for ESX or ESXi servers
You can configure the EMC VMWare protocol to read events from your VMware ESXi server. The EMC VMWare protocol uses HTTPS to poll for ESX and ESXi servers for events.
About this task
Before you configure your log source to use the EMC VMWare protocol, it is suggested that you create a unique user to poll for events. This user can be created as a member of the root or administrative group, but you must provide the user with an assigned role of read-only permission. This ensures that IBM® QRadar® can collect the maximum number of events and retain a level of security for your virtual servers. For more information about user roles, see your VMware documentation.
To integrate EMC VMWare with QRadar, you must complete the following tasks:
- Create an ESX account for QRadar.
- Configure account permissions for the QRadar user.
- Configure the EMC VMWare protocol in QRadar.
Creating a user who is not part of the root or an administrative group might lead to some events not being collected by QRadar. It is suggested that you create your QRadar user to include administrative privileges, but assign this custom user a read-only role.