Forcepoint Sidewinder

Forcepoint Sidewinder was formerly known as McAfee Firewall Enterprise. The IBM QRadar DSM for Forcepoint Sidewinder collects logs from a Forcepoint Sidewinder Firewall Enterprise device by using the Syslog protocol.

To integrate Forcepoint Sidewinder with QRadar, complete the following steps:
  1. If automatic updates are not enabled, RPMs are available for download from the IBM® support website (http://www.ibm.com/support). Download and install the Forcepoint Sidewinder DSM RPM on your QRadar Console.
  2. Configure Forcepoint Sidewinder to communicate with QRadar.
  3. If QRadar does not automatically detect the log source, add a Forcepoint Sidewinder log source on the QRadar Console. The following table describes the parameters that require specific values for Forcepoint Sidewinder event collection:
    Table 1. Forcepoint Sidewinder log source parameters

    | Parameter | Value |
    |---|---|
    | Log Source type | Forcepoint Sidewinder |
    | Protocol Configuration | Syslog |