Riverbed SteelCentral NetProfiler (Cascade Profiler) Audit

The IBM QRadar DSM for Riverbed SteelCentral NetProfiler Audit collects audit logs from your Riverbed SteelCentral NetProfiler system. This product is also known as Cascade Profiler.

The following table identifies the specifications for the Riverbed SteelCentral NetProfiler DSM:
Table 1. Riverbed SteelCentral NetProfiler specifications
Specification Value
Manufacturer Riverbed
DSM name SteelCentral NetProfiler Audit
RPM file name DSM-RiverbedSteelCentralNetProfilerAudit-Qradar_version-build_number.noarch.rpm
Protocol Log file
Recorded event types Audit Events
Automatically discovered? No
Includes identity? Yes
Includes custom properties? No
More information Riverbed website (http://www.riverbed.com/)
To integrate Riverbed SteelCentral NetProfiler Audit with QRadar, complete the following steps:
  1. If automatic updates are not enabled, download and install the most recent versions of the following RPMs from the IBM® Support Website onto your QRadar Console.
    • Protocol-LogFile RPM
    • Riverbed SteelCentral NetProfiler Audit RPM
  2. Create an audit report template on your Riverbed host and then configure a third-party host to use the template to generate the audit file. See Creating a Riverbed SteelCentral NetProfiler report template and generating an audit file.
  3. Create a log source on the QRadar Console. The log source allows QRadar to access the third-party host to retrieve the audit file. Use the following table to define the Riverbed-specific parameters:
    Table 2. Riverbed SteelCentral NetProfiler log source parameters
    Parameter Description
    Log Source Type Riverbed SteelCentral NetProfiler Audit
    Protocol Configuration LogFile
    Remote IP or Hostname The IP address or host name of the third-party host that stores the generated audit file
    Remote User The user name for the account that can access the host.
    Remote Password The password for the user account.
    Remote Directory The absolute file path on the third-party host that contains the generated audit file.
    FTP File Pattern A regex pattern that matches the name of the audit file.
    Recurrence Ensure that recurrence matches the frequency at which the SteelScript for Python SDK script is run on the remote host.
    Event Generator Line Matcher
    Line Matcher RegEx
    ^\d+/\d+/\d+ \d+:\d+,