HCL BigFix SOAP protocol configuration options (formerly known as IBM BigFix)
To receive Log Event Extended Format (LEEF) formatted events from HCL BigFix® appliances, configure a log source that uses the HCL BigFix SOAP protocol.
This protocol requires HCL BigFix versions 8.2.x to 9.5.2, and the Web Reports application for HCL BigFix.
The HCL BigFix SOAP protocol is an outbound/active protocol that retrieves events in 30-second intervals over HTTP or HTTPS. As events are retrieved, the HCL BigFix DSM parses and categorizes the events.
| Parameter | Description |
|---|---|
| Protocol Configuration | HCL BigFix SOAP |
| Log Source Identifier |
Type a unique name for the log source. The Log Source Identifier can be any valid value and does not need to reference a specific server. It can also be the same value as the Log Source Name. If you have more than one configured HCL BigFix SOAP log source, ensure that you give each one a unique name. |
| Use HTTPS | If a certificate is required to connect with HTTPS, copy the required certificates to the following directory: /opt/qradar/conf/trusted_certificates. Certificates that have following file extensions: .crt, .cert, or .der are supported. Copy the certificates to the trusted certificates directory before the log source is saved and deployed. |
| SOAP Port | By default, port 80 is the port number for communicating with HCL BigFix. Most configurations use port 443 for HTTPS communications. |
| Username | The username that you use to access BigFix. |
| Password | The password that you use to access BigFix. |
| Polling Interval (In Minutes) | The number of minutes between queries to the log files to check for new data. The default is 15 minutes. The minimum value for the polling interval is 1 minute, and the maximum value is 60 minutes. |