You must install the MSRPC protocol RPM on the QRadar Console before events can be collected from a Windows host.
Before you begin
Ensure that you download the MSRPC protocol RPM from the IBM® Support Website onto your QRadar Console.
Procedure
- Log in to the QRadar Console as a root user.
- Copy the MSRPC protocol RPM to a directory on the QRadar Console.
- Go to the directory where you copied the MSRPC protocol RPM by typing the following command:
- Install the MSRPC protocol RPM by typing the following command:
  yum -y install PROTOCOL-WindowsEventRPC-<version_number>.noarch.rpm
- From the Admin tab of the QRadar Console, select .
- After you deploy the configuration, select .