IBM Security Network IPS (GX)
The IBM® Security Network IPS (GX) DSM for IBM Security QRadar collects LEEF-based events from IBM Security Network IPS appliances by using the syslog protocol.
The following table identifies the specifications for the IBM Security Network IPS (GX) DSM:
| Parameter | Value |
|---|---|
| Manufacturer | IBM |
| DSM | Security Network IPS (GX) |
| RPM file name | DSM-IBMSecurityNetworkIPS-QRadar_version-Build_number.noarch.rpm |
| Supported versions | v4.6 and later (UDP); v4.6.2 and later (TCP) |
| Protocol | syslog (LEEF) |
| QRadar recorded events | Security alerts (including IPS and SNORT); Health alerts; System alerts; IPS events (including security, connection, user defined, and OpenSignature policy events) |
| Automatically discovered? | Yes |
| Includes identity? | No |
To integrate the IBM Security Network IPS (GX) appliance with QRadar, use the following steps:
- If automatic updates are not enabled, download and install the most recent version of the IBM Security Network IPS (GX) RPMs from the IBM Support Website onto your QRadar Console.
- For each instance of IBM Security Network IPS (GX), configure your IBM Security Network IPS (GX) appliance to enable communication with QRadar.
- If QRadar does not automatically discover the log source, create a log source for each instance of IBM Security Network IPS (GX) on your network.