Configuring Microsoft Exchange Server to communicate with QRadar

Before you begin

Ensure that the firewalls that are located between the Exchange Server and the remote host allow traffic on the following ports:
  • TCP port 135 for Microsoft Endpoint Mapper.
  • UDP port 137 for NetBIOS name service.
  • UDP port 138 for NetBIOS datagram service.
  • TCP port 139 for NetBIOS session service.
  • TCP port 445 for Microsoft Directory Services to transfer files across a Windows share.

Procedure

  1. Configure OWA logs.
  2. Configure SMTP logs.
  3. Configure MSGTRK logs.