STEALTHbits StealthINTERCEPT Alerts
IBM QRadar collects alert logs from a STEALTHbits StealthINTERCEPT server by using the STEALTHbits StealthINTERCEPT Alerts DSM.
The following table identifies the specifications for the STEALTHbits StealthINTERCEPT Alerts DSM:
Specification | Value |
---|---|
Manufacturer | STEALTHbits Technologies |
DSM name | STEALTHbits StealthINTERCEPT Alerts |
RPM file name | DSM-STEALTHbitsStealthINTERCEPTAlerts-Qradar_version-build_number.noarch.rpm |
Supported versions | 3.3 |
Protocol | Syslog LEEF |
Recorded event types | Active Directory Alerts Events |
Automatically discovered? | Yes |
Includes identity? | No |
Includes custom properties? | No |
More information | StealthINTERCEPT (http://www.stealthbits.com/products/stealthintercept) |
To integrate STEALTHbits StealthINTERCEPT with QRadar, complete the following steps:
- If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM® Support Website onto your QRadar Console:
  - DSMCommon RPM
  - STEALTHbitsStealthINTERCEPT RPM
  - STEALTHbitsStealthINTERCEPTAlerts RPM
- Configure your STEALTHbits StealthINTERCEPT device to send syslog events to QRadar.
- If QRadar does not automatically detect the log source, add a STEALTHbits StealthINTERCEPT Alerts log source on the QRadar Console. The following table describes the parameters that require specific values for STEALTHbits StealthINTERCEPT Alerts event collection:

Table 2. STEALTHbits StealthINTERCEPT Alerts log source parameters

Parameter | Value |
---|---|
Log Source type | STEALTHbits StealthINTERCEPT Alerts |
Protocol Configuration | Syslog |