IBM Privileged Session Recorder
The IBM QRadar DSM for IBM® Privileged Session Recorder can collect event logs from your IBM Privileged Session Recorder device.
The following table lists the specifications for the IBM Privileged Session Recorder DSM.
Specification | Value |
---|---|
Manufacturer | IBM |
DSM name | Privileged Session Recorder |
RPM filename | DSM-IBMPrivilegedSessionRecorder |
Protocol | JDBC |
QRadar recorded event types | Command Execution Audit Events |
Automatically discovered? | No |
Includes identity? | No |
More information | IBM website (http://www.ibm.com/) |
To collect IBM Privileged Session Recorder events, use the following procedures:
- If automatic updates are not enabled, download and install the following RPMs from the IBM Support Website onto your QRadar Console:
  - Protocol-JDBC RPM
  - IBM Privileged Session Recorder DSM RPM
- On the IBM Security Privileged Identity Manager dashboard, obtain the database information for the Privileged Session Recorder data store and configure your IBM Privileged Session Recorder DB2® database to allow incoming TCP connections.
- For each instance of IBM Privileged Session Recorder, create an IBM Privileged Session Recorder log source on the QRadar Console. Use the following table to define the IBM Privileged Session Recorder log source parameters:
Table 2. IBM Privileged Session Recorder log source parameters
Parameter | Description |
---|---|
Log Source Type | IBM Privileged Session Recorder |
Protocol Configuration | JDBC |
Log Source Identifier | DATABASE@HOSTNAME |
Database Type | DB2 |
Database Name | The Session Recorder data store name that you configured on the IBM Privileged Identity Manager dashboard. |
IP or Hostname | The Session Recorder database server address. |
Port | The port that is specified on IBM Privileged Identity Manager dashboard. |
Username | The DB2 database user name |
Password | The DB2 database password |
Predefined Query | IBM Privileged Session Recorder |
Use Prepared Statements | This option must be selected. |
Start Date and Time | The initial date and time for the JDBC retrieval. |
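A pre-flight check for the log source parameters listed above, as an added example that is not part of the IBM documentation: it validates the values before you create the log source and tests that the DB2 port accepts incoming TCP connections. The function names and sample values (PSRDB, psr-db.example.com, port 50000, db2user) are constructed, and reading DATABASE@HOSTNAME as Database Name plus IP or Hostname is an assumption.

```python
import socket

# Values the parameter table fixes for every log source of this type.
FIXED = {
    "Log Source Type": "IBM Privileged Session Recorder",
    "Protocol Configuration": "JDBC",
    "Database Type": "DB2",
    "Predefined Query": "IBM Privileged Session Recorder",
    "Use Prepared Statements": True,  # "This option must be selected."
}

# Constructed sample: names, host and port are placeholders, not real systems.
SAMPLE = {
    **FIXED,
    "Log Source Identifier": "PSRDB@psr-db.example.com",
    "Database Name": "PSRDB",
    "IP or Hostname": "psr-db.example.com",
    "Port": "50000",
    "Username": "db2user",
}

def validate_log_source(params):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = [f"{k} must be {v!r}" for k, v in FIXED.items() if params.get(k) != v]
    for key in ("Database Name", "IP or Hostname", "Username"):
        if not params.get(key):
            problems.append(f"{key} is missing")
    # Assumption: DATABASE@HOSTNAME is built from Database Name and IP or Hostname.
    expected_id = f"{params.get('Database Name', '')}@{params.get('IP or Hostname', '')}"
    if params.get("Log Source Identifier") != expected_id:
        problems.append(f"Log Source Identifier should be {expected_id!r}")
    try:
        port_ok = 1 <= int(params.get("Port", "")) <= 65535
    except (TypeError, ValueError):
        port_ok = False
    if not port_ok:
        problems.append("Port must be an integer from 1 to 65535")
    return problems

def db2_port_reachable(host, port, timeout=3.0):
    """TCP connect only: confirms the DB2 listener accepts incoming connections."""
    try:
        with socket.create_connection((host, int(port)), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    for line in validate_log_source(SAMPLE) or ["parameters are consistent"]:
        print(line)
    print("reachable:", db2_port_reachable(SAMPLE["IP or Hostname"], SAMPLE["Port"]))
```

Run the reachability check from the QRadar host that will poll the database, so the result reflects the network path the JDBC connection uses.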