Configuring Exabeam to communicate with QRadar

To collect syslog events from Exabeam, you must add a destination that specifies QRadar as the syslog server.

Procedure

  1. Log in to your Exabeam user interface (https://<Exabeam_IP>:8484).
  2. Select https://<Exabeam_IP>:8484 and type #setup at the end of the url address.
    https://<Exabeam_IP>:8484/#setup
  3. In the Navigation pane, click Incident Notification.
  4. Select Send via Syslog and configure the following syslog parameters.
    Parameter Description
    IP Address or Hostname The IP address of the QRadar Event Collector .
    Protocol TCP
    Port 514
    Syslog Severity Level Emergency