Before IBM® QRadar® can collect events from Aruba Introspect, you must configure Aruba Introspect to send events to QRadar.

Procedure
1. Log in to the Aruba Introspect Analyzer.
2. Configure forwarding.
   a. Click .
   b. Configure the following forwarding parameters:

      Table 1. Aruba Introspect Analyzer forwarding parameters

      | Parameter | Value |
      |---|---|
      | Syslog Destination | IP or host name of the QRadar Event Collector. |
      | Protocol | TCP or UDP |
      | Port | 514 |

3. Configure notification.
   a. Click .
   b. Configure the following notification parameters:

      Table 2. Aruba Introspect Analyzer notification parameters

      | Parameter | Value |
      |---|---|
      | Enable Alert Syslog Forwarding | Enable the Enable Alert Syslog Forwarding check box. |
      | Sending Notification | As Alerts are produced. You can customize this setting to send in batches instead of a live stream. |
      | TimeZone | Your local time zone. |

      Note: Leave Query, Severity, and Confidence values as default to send all Alerts. These values can be customized to filter out and send only a subset of Alerts to QRadar.

What to do next
To help you troubleshoot, you can look at the forwarding logs in the /var/log/notifier.log file.

When a new notification is created, as described in Step 3, alerts for the last week that match the Query, Severity, and Confidence fields are sent.