RabbitMQ protocol configuration options
To receive messages from a Cisco AMP DSM, configure a log source to use the RabbitMQ protocol.
The RabbitMQ protocol is an active outbound protocol.
The following table describes the protocol-specific parameters for the RabbitMQ protocol:
Parameter | Description |
---|---|
Protocol Name | RabbitMQ |
Log Source Identifier | Type a unique name for the log source. The Log Source Identifier can be any valid value and does not need to reference a specific server. It can also be the same value as the Log Source Name. If you have more than one configured RabbitMQ log source, ensure that you give each one a unique name. |
Event Format | The Event Format tells the protocol what type of events to expect. Officially supported products have specific options available for them. For unsupported products, you can use No Formatting or JSON. |
IP or Hostname | The IP address or hostname of the primary queue manager. |
Port | The port that is provided by the AMQP service when a queue is created or viewed. |
Queue | The queue or list of queues to monitor. To monitor more than one queue, separate the queue names with commas. |
Username | The username that is used for authenticating with the RabbitMQ service. |
Password | The password that is used to authenticate with the RabbitMQ service. |
EPS Throttle | The maximum number of events per second that QRadar ingests. If your data source exceeds the EPS throttle, data collection is delayed. Data is still collected and then it is ingested when the data source stops exceeding the EPS throttle. The default is 5000. |
Allow Untrusted Certificates | Enable this option when the endpoint uses a certificate that cannot be verified through the certificate chain. This includes a self-signed certificate, or one from a private CA that you do not want to import into your CA trust. Do not use this option for endpoints with a certificate issued by a public CA (SaaS products, public cloud infrastructure, and so on). The certificate must be downloaded in PEM or DER encoded binary format and then placed in the /opt/qradar/conf/trusted_certificates/ directory with a .cert or .crt file extension. |
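
A pre-flight check for the certificate step in the Allow Untrusted Certificates row, as an added example that is not IBM tooling: it confirms that the file is a PEM or DER certificate, that it has not expired, and that it matches a fingerprint obtained out of band before copying it into the trust directory. The function names, the fingerprint argument and the sample CN are assumptions; only the destination directory and the .crt extension come from the table.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper, not part of QRadar).
# Usage: stage_cert <cert-file> <sha256-fingerprint-from-endpoint-owner> [dest-dir]

stage_cert() {
    local src="$1" expected="$2" dest="${3:-/opt/qradar/conf/trusted_certificates}"
    local form="" f actual name

    # The table allows PEM or DER; find an encoding openssl can parse.
    for f in PEM DER; do
        if openssl x509 -in "$src" -inform "$f" -noout >/dev/null 2>&1; then
            form="$f"; break
        fi
    done
    if [ -z "$form" ]; then
        echo "not a PEM or DER X.509 certificate: $src" >&2; return 2
    fi

    # Refuse a certificate that has already expired.
    if ! openssl x509 -in "$src" -inform "$form" -noout -checkend 0 >/dev/null 2>&1; then
        echo "certificate has expired: $src" >&2; return 3
    fi

    # Pin to the fingerprint received out of band (assumption: the endpoint
    # owner supplied it); colons and letter case are ignored.
    actual=$(openssl x509 -in "$src" -inform "$form" -noout -fingerprint -sha256 |
             cut -d= -f2 | tr -d ':' | tr 'A-F' 'a-f')
    expected=$(printf '%s' "$expected" | tr -d ':' | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for $src: got $actual" >&2; return 4
    fi

    # Copy under the .crt extension the table requires; readable, not group/world writable.
    name=$(basename "$src"); name="${name%.*}.crt"
    install -m 0644 "$src" "$dest/$name" || return 5
    echo "$dest/$name"
}

# Constructed sample input: a throwaway self-signed certificate for local testing.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=rabbitmq.example.test" \
        -keyout "$1.key" -out "$1" >/dev/null 2>&1
}
```

Pass a scratch directory as the third argument to rehearse the check before writing to the real trust directory.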