Configuring a FireEye log source in QRadar

IBM QRadar automatically creates a log source after your QRadar Console receives FireEye events. If QRadar does not automatically discover FireEye events, you can manually add a log source for each instance from which you want to collect event logs.

About this task

If you are using QRadar 7.3.1 or later, you can add a log source by using the QRadar Log Source Management app.

In QRadar 7.5.0 Update Package 4 and later, when you click the Log Sources icon, the QRadar Log Source Management app opens.

Procedure

  1. Log in to QRadar.
  2. Click the Admin tab.
  3. On the navigation menu, click Data Sources.
  4. Click the Log Sources icon.
  5. Click Add.
  6. From the Log Source Type list, select FireEye.
  7. From the Protocol Configuration list, select Syslog.
  8. In the Log Source Identifier field, type the IP address or host name of the FireEye appliance.
  9. Configure the remaining parameters.
  10. Click Save.
  11. On the Admin tab, click Deploy Changes.