Configuring Kisco Information Systems SafeNet/i to communicate with QRadar

To collect SafeNet/i events, configure your IBM® i system to accept FTP GET requests from your QRadar® through Kisco Information Systems SafeNet/i.

About this task

Use the following table when you configure the FTP access settings:
Table 1. FTP access settings
Parameter Value
Initial Name Format *PATH
Initial List Format *UNIX
Initial Library *USRPRF
Initial Home Directory Path The IFS directory


  1. Create an IFS directory on your IBM i system.
    1. Log in to your IBM i system.
    2. Create an IFS Directory to hold the Kisco Information Systems SafeNet/i QRadar alert files.

      Example: /SafeNet/QRadar/

    3. Set up a user profile for QRadar to use to FTP into the IFS Directory through SafeNet/i.

      Example: QRADARUSER

  2. Configure FTP access for the QRadar user profile.
    1. Log in to Kisco Information Systems SafeNet/i.
    2. Type GO SN7 and select Work with User to Server Security.
    3. Type the user profile name that you created for QRadar, for example, QRADARUSER.
    4. Type 1 for the FTP Server Request Validation *FTPSERVER and FTP Server Logon *FTPLOGON3 servers.
    5. Press F3 and select Work with User to FTP Statement Security and type the user profile name again.
    6. Type 1 for the List Files and Receiving Files FTP operations.
    7. Press F4 and configure FTP access parameters for the user. See Table 1.
    8. Press F3 and select Work with User to Long Paths.
    9. Press F6 and provide the path to the IFS directory.

      Ensure that the path is followed by an asterisk, for example, /SafeNet/QRadar/*

    10. Type X under the R column.
    11. Press F3 to exit.
  3. Type CHGRDRSET and then press F4.
  4. Configure the following parameters:
    Paramter Value
    Activate QRADAR Integration Yes
    This Host Identifier The IP address or host name of the IBM i system.
    IFS Path to QRADAR Alert File Use the following format: /SafeNet/QRadar/
  5. Type CHGNOTIFY and press F4.
  6. Configure the following parameters:
    Parameter Value
    Alert Notification Status On
    Summarized Alerts? Yes