Configuring IBM Security Access Manager for Mobile to communicate with QRadar

Configure IBM Security Access Manager for Mobile to send audit logs to IBM QRadar through TLS syslog.

Before you begin

Ensure that IBM Security Access Manager for Mobile has access to QRadar for TLS syslog communication.

Procedure

  1. Select Monitor Analysis and Diagnosis > Logs > Audit Configuration.
  2. Click the Syslog tab and enter the information in the following table.
    Field Value
    Enable audit log Click Enable audit log.
    Enable verbose audit events Click Enable verbose audit events.

    Audit events that are not verbose do not contain the JSON payload, which contains details of user activity.

    Location of syslog server Select On a remote server
    Host The QRadar server host name or IP.
    Port The port number that you want to use for QRadar to accept incoming TLS syslog events.
    Protocol Select TLS
    Certificate database (truststore) The truststore that validates the syslog server certificate.

    Enable client certificate authentication

    Click Enable client certificate authentication.

    The client can do client certificate authentication during the SSL handshake upon server request.

    Certificate database (keystore)

    The keystore for client certificate authentication.
    Certificate label The personal certificate for client certificate authentication
    Enable disk failover Clear Enable disk failover.
  3. Click Save.
  4. Click Click here to review the changes or apply them to the system to review pending changes.
  5. Click Deploy Changes.

    The runtime server restarts automatically if any of the new changes require a restart.