To collect syslog events from Exabeam, you must add a destination that specifies QRadar as the syslog server.
Procedure
- Log in to your Exabeam user interface (https://<Exabeam_IP>:8484).
- Select https://<Exabeam_IP>:8484 and type #setup at the end of the URL address.
  https://<Exabeam_IP>:8484/#setup
- In the Navigation pane, click Incident Notification.
- Select Send via Syslog and configure the following syslog parameters.
| Parameter | Description |
|---|---|
| IP Address or Hostname | The IP address of the QRadar Event Collector. |
| Protocol | TCP |
| Port | 514 |
| Syslog Severity Level | Emergency |
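
One way to check the TCP path to port 514 before relying on the notifications, as an added example that is not part of the Exabeam or QRadar documentation: it sends a single Emergency-severity test line to the collector. The `user` facility, the hostname `exabeam-test`, the RFC 3164-style layout and the newline framing are assumptions, since the page does not describe the message format Exabeam emits.

```python
import socket
import threading
from datetime import datetime

SEVERITY_EMERGENCY = 0  # "Emergency", the level set in the table above
FACILITY_USER = 1       # assumption: the page does not name a facility


def build_syslog_line(message, hostname="exabeam-test", facility=FACILITY_USER,
                      severity=SEVERITY_EMERGENCY, now=None):
    """Return one RFC 3164-style line; PRI = facility * 8 + severity."""
    now = now or datetime.now()
    # RFC 3164 timestamp is "Mmm dd hh:mm:ss" with a space-padded day.
    stamp = f"{now.strftime('%b')} {now.day:2d} {now.strftime('%H:%M:%S')}"
    return f"<{facility * 8 + severity}>{stamp} {hostname} {message}"


def send_test_event(collector, port=514, message="syslog path test", timeout=5.0):
    """Send one newline-terminated line over TCP; raises OSError if unreachable."""
    line = build_syslog_line(message)
    with socket.create_connection((collector, port), timeout=timeout) as conn:
        conn.sendall(line.encode("utf-8") + b"\n")
    return line


def loopback_check():
    """Offline self-check: a local listener stands in for the Event Collector."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))  # ephemeral port, constructed test endpoint
    server.listen(1)
    received = []

    def accept_once():
        conn, _ = server.accept()
        with conn:
            data = b""
            while chunk := conn.recv(4096):
                data += chunk
            received.append(data)

    worker = threading.Thread(target=accept_once)
    worker.start()
    sent = send_test_event("127.0.0.1", server.getsockname()[1])
    worker.join(5)
    server.close()
    return sent, received[0].decode("utf-8")


if __name__ == "__main__":
    sent, got = loopback_check()
    print("sent:    ", sent)
    print("received:", got.rstrip())
```

Against a real deployment, call `send_test_event()` with the Event Collector address from the table and look for the test line in QRadar; a connection error points to a firewall or listener problem rather than to the Exabeam configuration.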