Configuring Sourcefire Intrusion Sensor

To configure your Sourcefire Intrusion Sensor, you must enable policy alerts and configure your appliance to forward events to QRadar®.

Procedure

  1. Log in to your Sourcefire user interface.
  2. On the navigation menu, select Intrusion Sensor > Detection Policy > Edit.
  3. Select an active policy and click Edit.
  4. Click Alerting.
  5. In the State field, select on to enable the syslog alert for your policy.
  6. From the Facility list, select Alert.
  7. From the Priority list, select Alert.
  8. In the Logging Host field, type the IP address of the QRadar Console or Event Collector.
  9. Click Save.
  10. On the navigation menu, select Intrusion Sensor > Detection Policy > Apply.
  11. Click Apply.
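
To confirm that steps 5 to 8 took effect, check the PRI header of the syslog lines arriving at the Logging Host. The Python below is an added example, not part of the original procedure or of Sourcefire or QRadar code. It assumes that the Facility entry Alert corresponds to syslog facility 14 (log alert) and the Priority entry Alert to severity 1, which gives a PRI of 113; the sample lines are constructed.

```python
import re

# Assumption: "Alert" in the Facility list is syslog facility 14 (log alert)
# and "Alert" in the Priority list is severity 1, per RFC 3164/5424 numbering.
EXPECTED_FACILITY = 14
EXPECTED_SEVERITY = 1
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(line):
    """Return (facility, severity) from the PRI header, or None if absent or invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI is 23 * 8 + 7
        return None
    return divmod(pri, 8)  # PRI = facility * 8 + severity


def check_line(line):
    """Classify one received line against the facility/priority set in the policy."""
    decoded = decode_pri(line)
    if decoded is None:
        return "no-pri"
    facility, severity = decoded
    if (facility, severity) == (EXPECTED_FACILITY, EXPECTED_SEVERITY):
        return "match"
    return "mismatch: facility=%d severity=%s" % (facility, SEVERITIES[severity])


# Constructed sample lines standing in for traffic captured at the Logging Host.
SAMPLE_LINES = [
    "<113>Jan  1 00:00:00 sensor01 constructed sample alert",   # expected settings
    "<33>Jan  1 00:00:01 sensor01 constructed sample alert",    # wrong facility
    "<134>Jan  1 00:00:02 otherhost constructed sample event",  # unrelated source
    "Jan  1 00:00:03 sensor01 header stripped in transit",      # no PRI at all
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(check_line(sample), "|", sample)
```

Lines reported as mismatch or no-pri point to a policy that was saved but not applied (steps 10 and 11), a different sender, or a relay that rewrites the header.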

What to do next

You are now ready to configure the log source in QRadar.