Configuring SolarWinds Orion to communicate with QRadar®

To collect events in IBM QRadar from SolarWinds Orion, you must configure your SolarWinds Orion Alert Manager device to create SNMP traps.

Procedure

  1. Log in to your SolarWinds Orion Alert Manager device.
  2. Select Start > All Programs > SolarWinds Orion > Alerting, Reporting, and Mapping > Advanced Alert Manager.
  3. In the Alert Manager Quick Start window, click Configure Alerts.
  4. In the Manage Alerts window, select an existing alert and then click Edit.
  5. Click the Triggered Actions tab.
  6. Click Add New Action.
  7. In the Select an Action window, select Send an SNMP Trap and then click OK.
  8. To configure SNMP Trap Destinations, type the IP address of the QRadar Console or QRadar Event Collector.
  9. To configure the Trap Template, select ForwardSyslog.
  10. To configure the SNMP Version, select the SNMP version that you want to use to forward the event:

    SNMPv2c - Type the SNMP Community String to use for SNMPv2c authentication. The default SNMP Community String value is public.

    Figure 1. Edit SNMP Trap Action configuration for SNMPv2c
    Note: To verify that your SNMP trap is configured properly, select an alert that you edited and click Test. This action triggers and forwards the events to QRadar.

    SNMPv3 - Type the Username and then select the Authentication Method to use for SNMPv3.

    Figure 2. Edit SNMP Trap Action configuration for SNMPv3
    Note: To verify that your SNMP trap is configured properly, select an alert that you edited and click Test. This action triggers and forwards the events to QRadar.
  11. Click OK.

What to do next

Repeat these steps to configure the SolarWinds Orion Alert Manager with all of the SNMP trap alerts that you want to monitor in QRadar.
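
To check what the Test button in step 10 actually puts on the wire, the following added example (not part of the IBM or SolarWinds documentation) parses the header of a received trap datagram and reports the SNMP version, community string and PDU type, flagging the default community string public. The sample datagram is constructed, with an empty variable-binding list, and all function names are hypothetical.

```python
"""Inspect the SNMP header of a trap datagram (added example, hypothetical names)."""
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}
PDU_TYPES = {0xA4: "Trap (v1)", 0xA7: "SNMPv2-Trap"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits count the length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length field")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def inspect_trap(datagram):
    """Report version, community and PDU type of one SNMP message."""
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message (outer SEQUENCE missing)")
    tag, raw, pos = read_tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("version field is not an INTEGER")
    info = {"version": VERSIONS.get(int.from_bytes(raw, "big"), "unknown"),
            "community": None, "pdu": None, "findings": []}
    if info["version"] not in ("SNMPv1", "SNMPv2c"):
        return info                         # SNMPv3 uses a user name, not a community
    tag, community, pos = read_tlv(msg, pos)
    if tag != 0x04:
        raise ValueError("community field is not an OCTET STRING")
    pdu_tag, _, _ = read_tlv(msg, pos)
    info["community"] = community.decode("ascii", "replace")
    info["pdu"] = PDU_TYPES.get(pdu_tag, hex(pdu_tag))
    if community == b"public":
        info["findings"].append("default community string 'public' in use")
    return info

def tlv(tag, value):
    return bytes([tag, len(value)]) + value  # short-form length, enough for the sample

def sample_trap(community):
    """Constructed SNMPv2c trap: request-id 1, no error, empty varbind list."""
    pdu = tlv(0xA7, tlv(2, b"\x01") + tlv(2, b"\x00") + tlv(2, b"\x00") + tlv(0x30, b""))
    return tlv(0x30, tlv(2, b"\x01") + tlv(4, community) + pdu)

if __name__ == "__main__":
    print(inspect_trap(sample_trap(b"public")))
```

Feed `inspect_trap` the UDP payload of a trap captured on the QRadar Console or Event Collector after clicking Test.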