HCL BigFix SOAP protocol configuration options (formerly known as IBM BigFix)
To receive Log Event Extended Format (LEEF) formatted events from HCL BigFix appliances, configure a log source that uses the HCL BigFix SOAP protocol.
Important: HCL BigFix is formerly known as IBM
BigFix.
This protocol requires HCL BigFix versions 8.2.x to 9.5.2, and the Web Reports application for HCL BigFix.
The HCL BigFix SOAP protocol is an outbound/active protocol that retrieves events in 30-second intervals over HTTP or HTTPS. As events are retrieved, the HCL BigFix DSM parses and categorizes the events.
The following table describes the protocol-specific parameters for the HCL BigFix SOAP protocol:
| Parameter | Description |
|---|---|
| Protocol Configuration | HCL BigFix SOAP |
| Log Source Identifier |
Type the IP address or host name for your HCL BigFix appliance. The IP address or host name identifies your HCL BigFix as a unique event source in QRadar. |
| Use HTTPS | If a certificate is required to connect with HTTPS, copy the required certificates to the following directory: /opt/qradar/conf/trusted_certificates. Certificates that have following file extensions: .crt, .cert, or .der are supported. Copy the certificates to the trusted certificates directory before the log source is saved and deployed. |
| SOAP Port | By default, port 80 is the port number for communicating with HCL BigFix. Most configurations use port 443 for HTTPS communications. |
| Username | The username that you use to access BigFix. |
| Password | The password that you use to access BigFix. |
| Polling Interval (In Minutes) | The number of minutes between queries to the log files to check for new data. The default is 15 minutes. The minimum value for the polling interval is 1 minute, and the maximum value is 60 minutes. |