You can integrate IBM® QRadar® with Sophos PureMessage for Linux®.
Procedure
- Navigate to your Sophos PureMessage PostgreSQL database directory:

    cd /opt/pmx/postgres-8.3.3/bin

- Access the pmx_quarantine database SQL prompt:

- Type the following command to create a SIEM view in your Sophos database to support QRadar:

    CREATE VIEW siem_view AS
    SELECT 'Linux PureMessage' AS application,
           id, b.name, m_date, h_from_local, h_from_domain, m_global_id,
           m_message_size, outbound, h_to, c_subject_utf8
      FROM message a, m_reason b
     WHERE a.reason_id = b.reason_id;
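Once the view exists, the QRadar JDBC log source needs a database credential to poll it. The following is an added example, not part of the IBM procedure or of Sophos PureMessage itself: it creates a dedicated read-only role for that credential so QRadar never polls with the PureMessage or PostgreSQL superuser account, and it checks that the view is present, returns rows, and is the only object the role can read. The role name qradar_reader, the placeholder password, and the assumption that the PureMessage tables live in the public schema are mine; the statements use only syntax available in PostgreSQL 8.3 and are run at the psql prompt while connected to pmx_quarantine.

```sql
-- Added example (not from the IBM page or Sophos): a least-privilege
-- login for QRadar's JDBC poller plus checks on siem_view.
-- Run inside psql while connected to the pmx_quarantine database.
-- Role name, password and the 'public' schema are assumptions/placeholders.

-- 1. A dedicated login role for QRadar, separate from any admin account.
CREATE ROLE qradar_reader WITH LOGIN PASSWORD '<replace-with-strong-password>';

-- 2. Least privilege: connect, see the schema, read the view. Nothing is
--    granted on the underlying message / m_reason tables; the view runs
--    with its owner's rights, so the role can still read through it.
GRANT CONNECT ON DATABASE pmx_quarantine TO qradar_reader;
GRANT USAGE ON SCHEMA public TO qradar_reader;
GRANT SELECT ON siem_view TO qradar_reader;

-- 3. Confirm the view exists and returns rows (run as the view owner).
SELECT viewname, viewowner FROM pg_views WHERE viewname = 'siem_view';
SELECT count(*) AS quarantined_messages FROM siem_view;

-- 4. The shape QRadar will poll: newest rows first, ordered by the id
--    column it can use to resume from the last event it collected.
SELECT id, m_date, application, name, h_from_domain, h_to, c_subject_utf8
  FROM siem_view
 ORDER BY id DESC
 LIMIT 5;

-- 5. Verify the restricted role reads the view but not the base table.
SET ROLE qradar_reader;
SELECT count(*) FROM siem_view;   -- succeeds
SELECT count(*) FROM message;     -- expected to fail: permission denied
RESET ROLE;
```

The second statement in step 5 is meant to fail; if it succeeds, the role has more access than the JDBC poller needs and the grants should be reviewed. Because QRadar resumes polling from the last value it saw in a comparison column, confirm before configuring the log source that the column you choose (id in the view above) is unique and only ever increases for new quarantined messages.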
What to do next
After you create your database view, you must configure QRadar to receive event information by using the JDBC protocol.