STEALTHbits StealthINTERCEPT Analytics
IBM QRadar collects analytics logs from a STEALTHbits StealthINTERCEPT server by using the STEALTHbits StealthINTERCEPT Analytics DSM.
The following table identifies the specifications for the STEALTHbits StealthINTERCEPT Analytics DSM:

Specification | Value |
---|---|
Manufacturer | STEALTHbits Technologies |
DSM name | STEALTHbits StealthINTERCEPT Analytics |
RPM file name | DSM-STEALTHbitsStealthINTERCEPTAnalytics-Qradar_version-build_number.noarch.rpm |
Supported versions | 3.3 |
Protocol | Syslog LEEF |
Recorded event types | Active Directory Analytics Events |
Automatically discovered? | Yes |
Includes identity? | No |
Includes custom properties? | No |
More information | StealthINTERCEPT (http://www.stealthbits.com/products/stealthintercept) |

Integrate STEALTHbits StealthINTERCEPT with QRadar by completing the following steps:
- If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM® Support Website onto your QRadar Console in the order that they are listed:
  - DSMCommon RPM
  - STEALTHbitsStealthINTERCEPT RPM
  - STEALTHbitsStealthINTERCEPTAnalytics RPM
- Configure your STEALTHbits StealthINTERCEPT device to send syslog events to QRadar.
- If QRadar does not automatically detect the log source, add a STEALTHbits StealthINTERCEPT Analytics log source on the QRadar Console. The following table describes the parameters that require specific values for STEALTHbits StealthINTERCEPT Analytics event collection:

Table 2. STEALTHbits StealthINTERCEPT Analytics log source parameters

Parameter | Value |
---|---|
Log Source type | STEALTHbits StealthINTERCEPT Analytics |
Protocol Configuration | Syslog |
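
When the log source is not detected automatically, it helps to confirm that the syslog payloads reaching QRadar are well-formed LEEF. The following is an added example, not IBM or STEALTHbits code: it parses LEEF 1.0 and 2.0 headers from captured syslog lines. The sample lines, including their vendor, product, event ID and attribute values, are constructed and are not real StealthINTERCEPT output.

```python
import re

# Assumed header layout, from the LEEF format:
#   LEEF:1.0|Vendor|Product|Version|EventID|key=value<TAB>key=value
#   LEEF:2.0|Vendor|Product|Version|EventID|Delimiter|key=value...
LEEF_START = re.compile(r"LEEF:(1\.0|2\.0)\|")
DELIM_FIELD = re.compile(r"(0?x[0-9A-Fa-f]{2,4}|[^|])\|")

def parse_leef(line):
    """Return header fields and attributes, or None if the line has no valid LEEF payload."""
    start = LEEF_START.search(line)
    if start is None:
        return None
    parts = line[start.end():].rstrip("\r\n").split("|", 4)
    if len(parts) != 5 or not all(parts[:4]):
        return None
    vendor, product, version, event_id, rest = parts
    delim = "\t"  # LEEF 1.0 attributes are tab separated
    if start.group(1) == "2.0":
        field = DELIM_FIELD.match(rest)
        if field:  # single character, or hex such as x5E / 0x09
            token = field.group(1)
            delim = token if len(token) == 1 else chr(int(token.lstrip("0")[1:], 16))
            rest = rest[field.end():]
    attrs = {}
    for pair in filter(None, rest.split(delim)):
        key, sep, value = pair.partition("=")
        if not sep:
            return None  # attribute without key=value form
        attrs[key] = value
    return {"leef": start.group(1), "vendor": vendor, "product": product,
            "version": version, "event_id": event_id, "attrs": attrs}

# Constructed sample lines; vendor, product, event ID and attribute values are placeholders.
SAMPLES = [
    "<13>Jan  1 00:00:00 si-host LEEF:1.0|STEALTHbits|StealthINTERCEPT|3.3|ExampleEvent|"
    "cat=Analytics\tusrName=alice\tsrc=192.0.2.10",
    "<13>Jan  1 00:00:01 si-host LEEF:2.0|STEALTHbits|StealthINTERCEPT|3.3|ExampleEvent|^|"
    "cat=Analytics^usrName=bob",
    # Tabs rewritten to spaces in transit: parses, but collapses into one attribute.
    "<13>Jan  1 00:00:02 si-host LEEF:1.0|STEALTHbits|StealthINTERCEPT|3.3|ExampleEvent|"
    "cat=Analytics usrName=carol src=192.0.2.11",
    "<13>Jan  1 00:00:03 si-host plain syslog text without a LEEF header",
]

def summarize(lines):
    """Map each line to its attribute count, or None when the line is rejected."""
    return [len(p["attrs"]) if (p := parse_leef(l)) else None for l in lines]
```

A line that parses with far fewer attributes than expected usually means the attribute delimiter was altered between the sender and the collector.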