Sun Solaris Basic Security Mode (BSM)

Sun Solaris Basic Security Mode (BSM) is an audit tracking tool for the system administrator to retrieve detailed auditing events from Sun Solaris systems.

IBM QRadar retrieves Sun Solaris BSM events by using the log file Protocol. For you to configure QRadar to integrate with Solaris Basic Security Mode, take the following steps:

  1. Enable Solaris Basic Security Mode.
  2. Convert audit logs from binary to a human-readable format.
  3. Schedule a cron job to run the conversion script on a schedule.
  4. Collect Sun Solaris events in QRadar by using the log file protocol.