STEALTHbits StealthINTERCEPT Analytics
IBM® QRadar® collects analytics logs from a STEALTHbits StealthINTERCEPT server by using the STEALTHbits StealthINTERCEPT Analytics DSM.
The following table identifies the specifications for the STEALTHbits StealthINTERCEPT Analytics DSM:
Specification | Value |
---|---|
Manufacturer | STEALTHbits Technologies |
DSM name | STEALTHbits StealthINTERCEPT Analytics |
RPM file name | DSM-STEALTHbitsStealthINTERCEPTAnalytics-Qradar_version-build_number.noarch.rpm |
Supported versions | 3.3 |
Protocol | Syslog LEEF |
Recorded event types | Active Directory Analytics Events |
Automatically discovered? | Yes |
Includes identity? | No |
Includes custom properties? | No |
More information | StealthINTERCEPT (http://www.stealthbits.com/products/stealthintercept) |
Integrate STEALTHbits StealthINTERCEPT with QRadar by completing the following steps:
- If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM Support Website onto your QRadar Console in the order that they are listed:
  - DSMCommon RPM
  - STEALTHbitsStealthINTERCEPT RPM
  - STEALTHbitsStealthINTERCEPTAnalytics RPM
- Configure your STEALTHbits StealthINTERCEPT device to send syslog events to QRadar.
- If QRadar does not automatically detect the log source, add a STEALTHbits StealthINTERCEPT Analytics log source on the QRadar Console. The following table describes the parameters that require specific values for STEALTHbits StealthINTERCEPT Analytics event collection:
Table 2. STEALTHbits StealthINTERCEPT Analytics log source parameters
Parameter | Value |
---|---|
Log Source type | STEALTHbits StealthINTERCEPT Analytics |
Protocol Configuration | Syslog |