STEALTHbits StealthINTERCEPT Analytics
IBM QRadar collects analytics logs from a STEALTHbits StealthINTERCEPT server by using the STEALTHbits StealthINTERCEPT Analytics DSM.
The following table identifies the specifications for the STEALTHbits StealthINTERCEPT Analytics DSM:

| Specification | Value |
|---|---|
| Manufacturer | STEALTHbits Technologies |
| DSM name | STEALTHbits StealthINTERCEPT Analytics |
| RPM file name | DSM-STEALTHbitsStealthINTERCEPTAnalytics-Qradar_version-build_number.noarch.rpm |
| Supported versions | 3.3 |
| Protocol | Syslog LEEF |
| Recorded event types | Active Directory Analytics Events |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | StealthINTERCEPT (http://www.stealthbits.com/products/stealthintercept) |

Integrate STEALTHbits StealthINTERCEPT with QRadar by completing the following steps:
- If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM® Support Website onto your QRadar Console in the order that they are listed:
  - DSMCommon RPM
  - STEALTHbitsStealthINTERCEPT RPM
  - STEALTHbitsStealthINTERCEPTAnalytics RPM
- Configure your STEALTHbits StealthINTERCEPT device to send syslog events to QRadar.
- If QRadar does not automatically detect the log source, add a STEALTHbits StealthINTERCEPT Analytics log source on the QRadar Console. The following table describes the parameters that require specific values for STEALTHbits StealthINTERCEPT Analytics event collection:

Table 2. STEALTHbits StealthINTERCEPT Analytics log source parameters

| Parameter | Value |
|---|---|
| Log Source type | STEALTHbits StealthINTERCEPT Analytics |
| Protocol Configuration | Syslog |