Configuring Kisco Information Systems SafeNet/i to communicate with QRadar

To collect SafeNet/i events, configure your IBM® i system to accept FTP GET requests from your QRadar® through Kisco Information Systems SafeNet/i.

About this task

Use the following table when you configure the FTP access settings:
Table 1. FTP access settings

| Parameter | Value |
| --- | --- |
| Initial Name Format | *PATH |
| Initial List Format | *UNIX |
| Initial Library | *USRPRF |
| Initial Home Directory Path | The IFS directory |

Procedure

  1. Create an IFS directory on your IBM i system.
    1. Log in to your IBM i system.
    2. Create an IFS Directory to hold the Kisco Information Systems SafeNet/i QRadar alert files.

      Example: /SafeNet/QRadar/

    3. Set up a user profile for QRadar to use to FTP into the IFS Directory through SafeNet/i.

      Example: QRADARUSER

  2. Configure FTP access for the QRadar user profile.
    1. Log in to Kisco Information Systems SafeNet/i.
    2. Type GO SN7 and select Work with User to Server Security.
    3. Type the user profile name that you created for QRadar, for example, QRADARUSER.
    4. Type 1 for the FTP Server Request Validation *FTPSERVER and FTP Server Logon *FTPLOGON3 servers.
    5. Press F3 and select Work with User to FTP Statement Security and type the user profile name again.
    6. Type 1 for the List Files and Receiving Files FTP operations.
    7. Press F4 and configure FTP access parameters for the user. See Table 1.
    8. Press F3 and select Work with User to Long Paths.
    9. Press F6 and provide the path to the IFS directory.

      Ensure that the path is followed by an asterisk, for example, /SafeNet/QRadar/*

    10. Type X under the R column.
    11. Press F3 to exit.
  3. Type CHGRDRSET and then press F4.
  4. Configure the following parameters:
    | Parameter | Value |
    | --- | --- |
    | Activate QRADAR Integration | Yes |
    | This Host Identifier | The IP address or host name of the IBM i system. |
    | IFS Path to QRADAR Alert File | Use the following format: /SafeNet/QRadar/ |
  5. Type CHGNOTIFY and press F4.
  6. Configure the following parameters:
    | Parameter | Value |
    | --- | --- |
    | Alert Notification Status | On |
    | Summarized Alerts? | Yes |
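
The procedure grants the QRadar profile only the List Files and Receiving Files operations, and only under the long path /SafeNet/QRadar/*. The following check is an added example, not IBM or Kisco code, that confirms from the collecting side that a session can list and GET alert files but cannot PUT or list outside that path. The names audit_ftp_scope and FakeFTP, the probe file name, the sample file alerts.txt and the outside path /QSYS.LIB are assumptions made for the illustration, and any FTP error reply is treated as a rejection.

```python
import ftplib
import io

ALERT_DIR = "/SafeNet/QRadar/"  # example IFS path used on this page


def audit_ftp_scope(ftp, alert_dir=ALERT_DIR, outside_dir="/QSYS.LIB"):
    """Check a logged-in ftplib.FTP-style session against the grants in the
    procedure. Returns {check_name: True if behaviour matches the procedure}."""
    def permitted(action):
        try:
            action()
            return True
        except ftplib.all_errors:  # 4xx/5xx reply or dropped connection
            return False

    names = []
    report = {"list_alert_dir": permitted(lambda: names.extend(ftp.nlst(alert_dir)))}
    if names:  # GET the first alert file into memory; nothing is written locally
        report["get_alert_file"] = permitted(
            lambda: ftp.retrbinary("RETR " + names[0], io.BytesIO().write))
    probe = alert_dir + "qradar_audit_probe.tmp"  # hypothetical probe file name
    put_ok = permitted(lambda: ftp.storbinary("STOR " + probe, io.BytesIO(b"")))
    if put_ok:  # clean up when PUT was wrongly allowed
        permitted(lambda: ftp.delete(probe))
    report["put_rejected"] = not put_ok
    report["outside_path_rejected"] = not permitted(lambda: ftp.nlst(outside_dir))
    return report


class FakeFTP:
    """Constructed stand-in for ftplib.FTP so the example runs offline."""
    def __init__(self, can_put=False, can_leave_dir=False):
        self.can_put, self.can_leave_dir = can_put, can_leave_dir
        self.files = {ALERT_DIR + "alerts.txt": b"constructed sample alert\n"}
    def nlst(self, path):
        if not path.startswith(ALERT_DIR) and not self.can_leave_dir:
            raise ftplib.error_perm("550 request rejected")
        return [n for n in self.files if n.startswith(path)]
    def retrbinary(self, cmd, callback):
        callback(self.files[cmd[len("RETR "):]])
    def storbinary(self, cmd, fp):
        if not self.can_put:
            raise ftplib.error_perm("550 request rejected")
        self.files[cmd[len("STOR "):]] = fp.read()
    def delete(self, name):
        del self.files[name]
```

Against a real system, pass a logged-in ftplib.FTP session for the QRadar user profile instead of FakeFTP; every value in the returned report should be True.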