IBM Security Access Manager for Mobile

The IBM QRadar DSM for IBM Security Access Manager for Mobile collects logs from an IBM Security Access Manager for Mobile device, and an IBM Identity as a Service (IDaaS) device.

The following table identifies the specifications for the IBM Security Access Manager for Mobile DSM:

Table 1. IBM Security Access Manager for Mobile DSM specifications
Specification Value
Manufacturer IBM
DSM name IBM Security Access Manager for Mobile
RPM file name DSM-IBMSecurityAccessManagerForMobile-7.x -Qradar_version-Buildbuild_number.noarch.rpm
Supported versions

IBM Security Access Manager for Mobile v8.0.0

IBM IDaaS v2.0

Event Format

Common Base Event Format

Log Event Extended Format (LEEF)

Recorded event types

IBM_SECURITY_AUTHN

IBM_SECURITY_TRUST

IBM_SECURITY_RUNTIME

IBM_SECURITY_CBA_AUDIT_MGMT

IBM_SECURITY_CBA_AUDIT_RTE

IBM_SECURITY_RTSS_AUDIT_AUTHZ

IBM_SECURITY_SIGNING

CloudOE

Operations

Usage

IDaas Appliance Audit

IDaaS Platform Audit

Automatically discovered? Yes
Includes identity? No
Includes custom properties? No
More information www.ibm.com/software (http://www-03.ibm.com/software/products/en/access-mgr-mobile).

To integrate IBM Security Access Manager for Mobile with QRadar, complete the following steps:

  1. If automatic updates are not enabled, download the most recent version of the following RPMs from the IBM® Support Website onto your QRadar Console:

    TLS Syslog Protocol RPM

    IBM Security Access Manager for Mobile DSM RPM

  2. Configure your IBM Security Access Manager for Mobile device to send syslog events to QRadar.
  3. If QRadar does not automatically detect the log source, add an IBM Security Access Manager for Mobile log source on the QRadar console. The following table describes the parameters that require specific values for IBM Security Access Manager for Mobile and IBM Identity as a Service event collection:
    Table 2. IBM Security Access Manager for Mobile log source parameters
    Parameter Value
    Log Source type IBM Security Access Manager for Mobile or IBM Identity as a Service
    Protocol Configuration TLS Syslog
    Log Source Identifier

    The IP address or host name in the Syslog header. Use the packet IP address, if the Syslog header does not contain an IP address or host name.

    TLS Listen Port

    Type the port number to accept incoming TLS Syslog Event.

  4. Saving the log source creates a listen port for incoming TLS Syslog events and generates a certificate for the network devices. The certificate must be copied to any device on your network that can forward encrypted syslog. Additional network devices with a syslog-tls certificate file and the TLS listen port number can be automatically discovered as a TLS syslog log source in QRadar.