Riverbed SteelCentral NetProfiler (Cascade Profiler) Audit
The IBM QRadar DSM for Riverbed SteelCentral NetProfiler Audit collects audit logs from your Riverbed SteelCentral NetProfiler system. This product is also known as Cascade Profiler.
The following table identifies the specifications for the Riverbed
SteelCentral NetProfiler DSM:
Specification | Value |
---|---|
Manufacturer | Riverbed |
DSM name | SteelCentral NetProfiler Audit |
RPM file name | DSM-RiverbedSteelCentralNetProfilerAudit-Qradar_version-build_number.noarch.rpm |
Protocol | Log file |
Recorded event types | Audit Events |
Automatically discovered? | No |
Includes identity? | Yes |
Includes custom properties? | No |
More information | Riverbed website (http://www.riverbed.com/) |
To integrate Riverbed SteelCentral NetProfiler Audit with QRadar,
complete the following steps:
- If automatic updates are not enabled, download and install the most recent versions of the
following RPMs from the IBM® Support Website onto your QRadar Console.
- Protocol-LogFile RPM
- Riverbed SteelCentral NetProfiler Audit RPM
- Create an audit report template on your Riverbed host and then configure a third-party host to use the template to generate the audit file. See Creating a Riverbed SteelCentral NetProfiler report template and generating an audit file.
- Create a log source on the QRadar
Console. The log source allows QRadar to
access the third-party host to retrieve the audit
file. Use the following table to define the Riverbed-specific
parameters:
Table 2. Riverbed SteelCentral NetProfiler log source parameters Parameter Description Log Source Type Riverbed SteelCentral NetProfiler Audit Protocol Configuration LogFile Remote IP or Hostname The IP address or host name of the third-party host that stores the generated audit file Remote User The user name for the account that can access the host. Remote Password The password for the user account. Remote Directory The absolute file path on the third-party host that contains the generated audit file. FTP File Pattern A regex pattern that matches the name of the audit file. Recurrence Ensure that recurrence matches the frequency at which the SteelScript for Python SDK script is run on the remote host. Event Generator Line Matcher Line Matcher RegEx ^\d+/\d+/\d+ \d+:\d+,