STEALTHbits StealthINTERCEPT Analytics

IBM QRadar collects analytics logs from a STEALTHbits StealthINTERCEPT server by using STEALTHbits StealthINTERCEPT Analytics DSM.

The following table identifies the specifications for the STEALTHbits StealthINTERCEPT Analytics DSM:

Table 1. STEALTHbits StealthINTERCEPT Analytics DSM specifications

| Specification | Value |
|---|---|
| Manufacturer | STEALTHbits Technologies |
| DSM name | STEALTHbits StealthINTERCEPT Analytics |
| RPM file name | DSM-STEALTHbitsStealthINTERCEPTAnalytics-Qradar_version-build_number.noarch.rpm |
| Supported versions | 3.3 |
| Protocol | Syslog LEEF |
| Recorded event types | Active Directory Analytics Events |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | StealthINTERCEPT (http://www.stealthbits.com/products/stealthintercept) |

Integrate STEALTHbits StealthINTERCEPT with QRadar by completing the following steps:
  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM® Support Website onto your QRadar Console in the order that they are listed:
    • DSMCommon RPM
    • STEALTHbitsStealthINTERCEPT RPM
    • STEALTHbitsStealthINTERCEPTAnalytics RPM
  2. Configure your STEALTHbits StealthINTERCEPT device to send syslog events to QRadar.
  3. If QRadar does not automatically detect the log source, add a STEALTHbits StealthINTERCEPT Analytics log source on the QRadar Console. The following table describes the parameters that require specific values for STEALTHbits StealthINTERCEPT Analytics event collection:
    Table 2. STEALTHbits StealthINTERCEPT Analytics log source parameters

    | Parameter | Value |
    |---|---|
    | Log Source type | STEALTHbits StealthINTERCEPT Analytics |
    | Protocol Configuration | Syslog |
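
When the log source is not detected automatically, it helps to confirm that the syslog lines arriving from the StealthINTERCEPT server actually carry a LEEF header. The following is an added example, not code from IBM or STEALTHbits: it parses the general LEEF 1.0 and 2.0 header layout (`LEEF:version|vendor|product|product version|event ID|`, with the optional delimiter field of 2.0) and reports lines that contain no parseable LEEF event. The sample lines are constructed, and the vendor, product, event ID and attribute values in them are placeholders, not values this product is known to send.

```python
import re

LEEF_START = re.compile(r"LEEF:(1\.0|2\.0)\|")
HEX_DELIM = re.compile(r"(?:0x|x)([0-9A-Fa-f]{1,4})")

def parse_leef(line):
    """Return the LEEF header fields and attributes found in a syslog line, or None."""
    m = LEEF_START.search(line)
    if not m:
        return None                      # no LEEF header in this line
    version = m.group(1)
    parts = line[m.end():].split("|", 4)
    if len(parts) < 5:
        return None                      # header truncated before the attribute section
    vendor, product, product_version, event_id, rest = parts
    delim = "\t"                         # LEEF 1.0 attributes are tab-separated
    if version == "2.0":
        # LEEF 2.0 allows an optional delimiter field: one character or a hex code (x5E, 0x5E).
        spec, sep, tail = rest.partition("|")
        hexm = HEX_DELIM.fullmatch(spec)
        if sep and hexm:
            delim, rest = chr(int(hexm.group(1), 16)), tail
        elif sep and len(spec) == 1:
            delim, rest = spec, tail
        elif sep and spec == "":
            rest = tail                  # empty delimiter field keeps the tab default
    attrs = {}
    for pair in rest.split(delim):
        key, eq, value = pair.partition("=")
        if eq and key.strip():
            attrs[key.strip()] = value.strip()
    return {"version": version, "vendor": vendor, "product": product,
            "product_version": product_version, "event_id": event_id, "attrs": attrs}

def non_leef_lines(lines):
    """Return the 1-based numbers of lines that carry no parseable LEEF event."""
    return [n for n, line in enumerate(lines, 1) if parse_leef(line) is None]

# Constructed sample input: vendor, product, event ID and attribute values are placeholders.
SAMPLES = [
    "<13>Jan 01 00:00:00 si-host LEEF:1.0|ExampleVendor|ExampleProduct|3.3|ExampleEvent|src=192.0.2.10\tusrName=alice",
    "<13>Jan 01 00:00:01 si-host LEEF:2.0|ExampleVendor|ExampleProduct|3.3|ExampleEvent|^|src=192.0.2.11^usrName=bob",
    "<13>Jan 01 00:00:02 si-host plain syslog text without a LEEF header",
    "<13>Jan 01 00:00:03 si-host LEEF:1.0|ExampleVendor|ExampleProduct",
]

if __name__ == "__main__":
    for number in non_leef_lines(SAMPLES):
        print(f"line {number}: no parseable LEEF event")
```

Lines that this check flags never reach the DSM in LEEF form, so the sending side's syslog configuration is the place to look before adding the log source manually.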