Configure your Carbon Black App Control console to forward events to IBM QRadar in LEEF format.
Procedure
- Access the Carbon Black App Control console by entering the Carbon Black App Control server URL in your browser.
- Log in to the Carbon Black App Control console. You must have Administrator or Power® User privileges.
- From the navigation menu, select .
- On the System Configuration page, click the Events tab.
- In the External Events Logging section, click Edit and then configure the following parameters.
  - Type the IP address of the QRadar Event Collector in the Syslog address field.
  - Type 514 in the Syslog port field.
- From the Syslog format list, select LEEF (Q1Labs).
- Select the Syslog Enabled checkbox and then click Update.
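
To confirm that the Syslog format setting took effect, lines received on the collector side can be checked for a LEEF header. The following Python code is an added example, not part of the original procedure or of Carbon Black or IBM code; it goes beyond a single case by parsing both LEEF 1.0 and LEEF 2.0 headers. The sample lines, host name, vendor, product, event ID and attribute values are constructed placeholders.

```python
import re

LEEF_START = re.compile(r"LEEF:(1\.0|2\.0)\|")
HEX_DELIM = re.compile(r"(?:0x|x)([0-9A-Fa-f]{2,4})$")

# Constructed sample lines (placeholders, not real App Control output).
SAMPLES = [
    "<14>Jan 01 00:00:00 appcontrol.example LEEF:1.0|ExampleVendor|ExampleProduct|1.0|Example_Event|cat=Discovery\tsev=4\tsrc=192.0.2.10",
    "<14>Jan 01 00:00:00 appcontrol.example LEEF:2.0|ExampleVendor|ExampleProduct|1.0|Example_Event|^|cat=Policy^sev=6^usrName=alice",
    "<14>Jan 01 00:00:00 appcontrol.example Example_Event: plain syslog text",
]

def parse_leef(line):
    """Return (header, attributes) for a LEEF syslog line, or raise ValueError."""
    m = LEEF_START.search(line)  # search() skips the syslog "<PRI>timestamp host " prefix
    if not m:
        raise ValueError("no LEEF header; check the Syslog format setting")
    parts = line[m.end():].rstrip("\r\n").split("|", 4)
    if len(parts) < 5:
        raise ValueError("truncated LEEF header")
    vendor, product, version, event_id, rest = parts
    delim = "\t"  # LEEF 1.0 attributes are tab-separated
    if m.group(1) == "2.0" and "|" in rest:
        # LEEF 2.0 may carry a delimiter field: one character or a hex code such as x09
        spec, tail = rest.split("|", 1)
        hx = HEX_DELIM.match(spec)
        if hx:
            delim, rest = chr(int(hx.group(1), 16)), tail
        elif len(spec) == 1:
            delim, rest = spec, tail
    attrs = {}
    for pair in rest.split(delim):
        key, sep, value = pair.partition("=")
        if sep and key:
            attrs[key.strip()] = value
    header = {"leef": m.group(1), "vendor": vendor, "product": product,
              "version": version, "event_id": event_id}
    return header, attrs

def check_feed(lines):
    """Return one (is_leef, event_id_or_error) tuple per received line."""
    results = []
    for line in lines:
        try:
            results.append((True, parse_leef(line)[0]["event_id"]))
        except ValueError as err:
            results.append((False, str(err)))
    return results

if __name__ == "__main__":
    print(*check_feed(SAMPLES), sep="\n")
```

A line that fails the check, like the third sample, indicates that the sender is not emitting LEEF, so the Syslog format selection should be rechecked.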