IBM Security Access Manager for Mobile
The IBM QRadar DSM for IBM Security Access Manager for Mobile collects logs from an IBM Security Access Manager for Mobile device, and an IBM Identity as a Service (IDaaS) device.
The following table identifies the specifications for the IBM Security Access Manager for Mobile DSM:
Specification | Value |
---|---|
Manufacturer | IBM |
DSM name | IBM Security Access Manager for Mobile |
RPM file name | DSM-IBMSecurityAccessManagerForMobile-7.x -Qradar_version-Buildbuild_number.noarch.rpm |
Supported versions | IBM Security Access Manager for Mobile v8.0.0 IBM IDaaS v2.0 |
Event Format | Common Base Event Format Log Event Extended Format (LEEF) |
Recorded event types | IBM_SECURITY_AUTHN IBM_SECURITY_TRUST IBM_SECURITY_RUNTIME IBM_SECURITY_CBA_AUDIT_MGMT IBM_SECURITY_CBA_AUDIT_RTE IBM_SECURITY_RTSS_AUDIT_AUTHZ IBM_SECURITY_SIGNING CloudOE Operations Usage IDaas Appliance Audit IDaaS Platform Audit |
Automatically discovered? | Yes |
Includes identity? | No |
Includes custom properties? | No |
More information | www.ibm.com/software (http://www-03.ibm.com/software/products/en/access-mgr-mobile). |
To integrate IBM Security Access Manager for Mobile with QRadar, complete the following steps:
- If automatic updates are not enabled, download the most recent version of the following RPMs
from the IBM® Support Website onto your QRadar
Console:
TLS Syslog Protocol RPM
IBM Security Access Manager for Mobile DSM RPM
- Configure your IBM Security Access Manager for Mobile device to send syslog events to QRadar.
- If QRadar does
not automatically detect the log source, add an IBM Security Access
Manager for Mobile log source on the QRadar console. The following
table describes the parameters that require specific values for IBM
Security Access Manager for Mobile and IBM Identity as a Service event
collection:
Table 2. IBM Security Access Manager for Mobile log source parameters Parameter Value Log Source type IBM Security Access Manager for Mobile or IBM Identity as a Service Protocol Configuration TLS Syslog Log Source Identifier The IP address or host name in the Syslog header. Use the packet IP address, if the Syslog header does not contain an IP address or host name.
TLS Listen Port Type the port number to accept incoming TLS Syslog Event.
- Saving the log source creates a listen port for incoming TLS Syslog events and generates a certificate for the network devices. The certificate must be copied to any device on your network that can forward encrypted syslog. Additional network devices with a syslog-tls certificate file and the TLS listen port number can be automatically discovered as a TLS syslog log source in QRadar.