VMWare AppDefense API log source parameters for VMware AppDefense

If QRadar does not automatically detect the log source, add a VMware AppDefense log source on the QRadar Console by using the VMWare AppDefense API protocol.

When using the VMWare AppDefense API protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect VMWare AppDefense API events from VMware AppDefense:
Table 1. VMWare AppDefense API log source parameters for the VMware AppDefense DSM
Parameter Value
Log Source type VMware AppDefense
Protocol Configuration VMWare AppDefense API
Log Source Identifier

Type the IP address or host name for the log source as an identifier for events from your VMware AppDefense devices.

Endpoint URL The endpoint URL for accessing VMware AppDefense. Example revision:

https://server_name.vmwaredrx.com/partnerapi/v1/orgs/<organization ID>

Authentication Token A single authentication token that is generated by the AppDefense console and must be used for all API transactions.
Use Proxy

If QRadar accesses the VMWare AppDefense API by using a proxy, enable Use Proxy.

If the proxy requires authentication, configure the Hostname, Proxy Port, Proxy Username, and Proxy fields.

If the proxy does not require authentication, configure the Hostname and Proxy Port fields.

Automatically Acquire Server Certificates If you choose Yes from the drop down list, QRadar automatically downloads the certificate and begins trusting the target server. If No is selected QRadar does not attempt to retrieve any server certificates.
Recurrence Beginning at the Start Time, type the frequency for how often you want the remote directory to be scanned. Type this value in hours(H), minutes(M), or days(D). For example, 2H if you want the directory to be scanned every 2 hours. The default is 5M.
Throttle The maximum number of events per second.

The default is 5000.