Configuring a FireEye log source in QRadar
IBM QRadar automatically creates a log source after your QRadar Console receives FireEye events. If QRadar does not automatically discover FireEye events, you can manually add a log source for each instance from which you want to collect event logs.
About this task
If you are using QRadar 7.3.1 or later, you can add a log source by using the QRadar Log Source Management app.
In QRadar 7.5.0 Update Package 4 and later, when you click the Log Sources icon, the QRadar Log Source Management app opens.
Procedure
- Log in to QRadar.
- Click the Admin tab.
- On the navigation menu, click Data Sources.
- Click the Log Sources icon.
- Click Add.
- From the Log Source Type list, select FireEye.
- Using the Protocol Configuration list, select Syslog.
- In the Log Source Identifier field, type the IP address or host name of the FireEye appliance.
- Configure the remaining parameters.
- Click Save.
- On the Admin tab, click Deploy Changes.