STEALTHbits StealthINTERCEPT Alerts

IBM QRadar collects alert logs from a STEALTHbits StealthINTERCEPT server by using the STEALTHbits StealthINTERCEPT Alerts DSM.

The following table identifies the specifications for the STEALTHbits StealthINTERCEPT Alerts DSM:
Table 1. STEALTHbits StealthINTERCEPT Alerts DSM specifications
Specification                 Value
Manufacturer                  STEALTHbits Technologies
DSM name                      STEALTHbits StealthINTERCEPT Alerts
RPM file name                 DSM-STEALTHbitsStealthINTERCEPTAlerts-Qradar_version-build_number.noarch.rpm
Supported versions            3.3
Protocol                      Syslog LEEF
Recorded event types          Active Directory Alerts Events
Automatically discovered?     Yes
Includes identity?            No
Includes custom properties?   No
More information              StealthINTERCEPT (http://www.stealthbits.com/products/stealthintercept)

To integrate STEALTHbits StealthINTERCEPT with QRadar, complete the following steps:
  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM® Support Website onto your QRadar Console:
    • DSMCommon RPM
    • STEALTHbitsStealthINTERCEPT RPM
    • STEALTHbitsStealthINTERCEPTAlerts RPM
  2. Configure your STEALTHbits StealthINTERCEPT device to send syslog events to QRadar.
  3. If QRadar does not automatically detect the log source, add a STEALTHbits StealthINTERCEPT Alerts log source on the QRadar Console. The following table describes the parameters that require specific values for STEALTHbits StealthINTERCEPT Alerts event collection:
    Table 2. STEALTHbits StealthINTERCEPT Alerts log source parameters
    Parameter                Value
    Log Source type          STEALTHbits StealthINTERCEPT Alerts
    Protocol Configuration   Syslog