Microsoft Exchange Server

The IBM® QRadar® DSM for Microsoft Exchange Server collects Exchange events by polling for event log files.

The following table identifies the specifications for the Microsoft Exchange Server DSM:
Table 1. Microsoft Exchange Server
Specification Value
Manufacturer Microsoft
DSM name Exchange Server
RPM file name DSM-MicrosoftExchange-QRadar_version-build_number.noarch.rpm
Supported versions

Microsoft Exchange 2003

Microsoft Exchange 2007

Microsoft Exchange 2010

Microsoft Exchange 2013

Microsoft Exchange 2016

Protocol type

WinCollect for Microsoft Exchange 2003

Microsoft Exchange protocol for Microsoft Exchange 2007, 2010, 2013, and 2016.

QRadar recorded event types

Outlook Web Access events (OWA)

Simple Mail Transfer Protocol events (SMTP)

Message Tracking Protocol events (MSGTRK)

Automatically discovered? No
Included identity? No
More information Microsoft website (http://www.microsoft.com)
To integrate Microsoft Exchange Server with QRadar, use the following steps:
  1. If automatic updates are not enabled, download the most recent version of the Microsoft Exchange Server DSM RPM from the IBM Support Website.
  2. Configure your Microsoft Exchange Server DSM device to enable communication with QRadar.
  3. Create an Microsoft Exchange Server DSM log source on the QRadar Console.