The Sophos Web Security Appliance (WSA) DSM for IBM QRadar accepts events using syslog.
About this task
QRadar records all relevant events forwarded from the transaction log of the Sophos Web Security Appliance. Before configuring QRadar, you must configure your Sophos WSA appliance to forward syslog events.
To configure your Sophos Web Security Appliance to forward syslog events:
Procedure
- Log in to your Sophos Web Security Appliance.
- From the menu, select .
- Select the Syslog tab.
- Select the Enable syslog transfer of web traffic check box.
- In the Hostname/IP text box, type the IP address or host name of QRadar.
- In the Port text box, type 514.
- From the Protocol list, select a protocol. The options are:
  - TCP: The TCP protocol is supported with QRadar on port 514.
  - UDP: The UDP protocol is supported with QRadar on port 514.
  - TCP - Encrypted: TCP Encrypted is an unsupported protocol for QRadar.
- Click Apply.
You can now configure the Sophos Web Security Appliance DSM in QRadar.
- QRadar automatically detects syslog data from a Sophos Web Security Appliance. To manually configure QRadar to receive events from Sophos Web Security Appliance: From the Log Source Type list, select Sophos Web Security Appliance.
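A check for the Protocol setting in the procedure above, added here as an example and not taken from the IBM or Sophos documentation: a stand-in receiver for a test host that reports whether a sender delivers plain syslog or opens a TLS session, which would point to TCP - Encrypted having been selected. It assumes that TCP - Encrypted means TLS and that plain events begin with a `<PRI>` header; the function names are hypothetical.

```python
import re
import socket

# Assumption: a plain syslog frame starts with "<PRI>" (RFC 3164/5424), optionally
# preceded by an octet count on TCP (RFC 6587). The WSA's exact format is not on the page.
SYSLOG_RE = re.compile(rb"^(?:\d{1,5} )?<(\d{1,3})>")


def classify_payload(data):
    """Return 'tls', 'syslog' or 'unknown' for the first bytes a sender transmits."""
    # TLS records open with content type 0x16 (handshake) and major version 0x03.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"
    m = SYSLOG_RE.match(data)
    # PRI = facility * 8 + severity, so the largest valid value is 23 * 8 + 7 = 191.
    if m and int(m.group(1)) <= 191:
        return "syslog"
    return "unknown"


def open_listener(proto, bind_addr, port):
    """Bind a stand-in receiver; proto is 'tcp' or 'udp'."""
    kind = socket.SOCK_STREAM if proto == "tcp" else socket.SOCK_DGRAM
    sock = socket.socket(socket.AF_INET, kind)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((bind_addr, port))
    if proto == "tcp":
        sock.listen(1)
    return sock


def probe(sock, timeout=30.0):
    """Wait for one sender and return (sender_ip, classification)."""
    sock.settimeout(timeout)
    if sock.type == socket.SOCK_STREAM:
        conn, peer = sock.accept()
        with conn:
            conn.settimeout(timeout)
            return peer[0], classify_payload(conn.recv(4096))
    data, peer = sock.recvfrom(4096)
    return peer[0], classify_payload(data)


if __name__ == "__main__":
    # Binding port 514 needs root. Run this on a test host, not on QRadar itself.
    import sys
    proto = sys.argv[1] if len(sys.argv) > 1 else "tcp"
    with open_listener(proto, "0.0.0.0", 514) as s:
        print(proto, *probe(s))
```

A result of `tls` from the appliance's address means the Protocol list should be changed to TCP or UDP before pointing the appliance at QRadar.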