Forcepoint Sidewinder
Forcepoint Sidewinder was formerly known as McAfee Firewall Enterprise. The IBM QRadar DSM for Forcepoint Sidewinder collects logs from a Forcepoint Sidewinder Firewall Enterprise device by using the Syslog protocol.
To integrate Forcepoint Sidewinder with QRadar, complete the following steps:
- If automatic updates are not enabled, RPMs are available for download from the IBM® support website (http://www.ibm.com/support). Download and install the Forcepoint Sidewinder DSM RPM on your QRadar Console.
- Configure Forcepoint Sidewinder to communicate with QRadar.
- If QRadar does not automatically detect the log source, add a Forcepoint Sidewinder log source on the QRadar Console. The following table describes the parameters that require specific values for Forcepoint Sidewinder event collection:
Table 1. Forcepoint Sidewinder log source parameters

| Parameter | Value |
| --- | --- |
| Log Source type | Forcepoint Sidewinder |
| Protocol Configuration | Syslog |