Configuring IBM Security Trusteer Apex Advanced Malware Protection to send syslog events to QRadar

You can configure IBM® Security Trusteer Apex™ Advanced Malware Protection to send syslog events to IBM QRadar.

Before you begin

Install an Apex Local Manager on your Trusteer Management Application™ (TMA).

For more information about configuring your IBM Security Trusteer Apex Advanced Malware Protection to communicate with QRadar, see:
  • IBM Security Trusteer Apex Advanced Malware Protection Local Manager - Hybrid Solution Reference Guide
  • IBM Security Trusteer Apex Advanced Malware Protection Feeds Reference Guide
Note: SSL/TLS authentication is not supported.

Procedure

  1. Log in to Trusteer Management Application (TMA).
  2. Select Apex Local Manager & SIEM Settings.
  3. Optional: If the Apex Local Manager wizard doesn't automatically display, click Add.
  4. Type the name of the Apex Local Manager.
  5. Select the Enable check box and click Next.
  6. Type the server settings for QRadar and click Next.
  7. Optional: If you use a separate syslog server for the Apex Local Manager system events, type the settings.
  8. Click Finish.