VMware vCloud Director

You can use the VMware vCloud Director DSM and the VMware vCloud Director protocol for IBM® QRadar® to poll the vCloud REST API for events.

QRadar supports polling for VMware vCloud Director events from vCloud Directory 5.1 appliances. Events that are collected by using the vCloud REST API are assembled as Log Event Extended Format (LEEF) events.

To integrate vCloud events with QRadar, you must complete the following tasks:

  1. On your vCloud appliance, configure a public address for the vCloud REST API.
  2. On your QRadar appliance, configure a log source to poll for vCloud events. For information about NMware vCloud Director log source protocol parameters, see VMware vCloud Director log source parameters for VMware vCloud Director.
  3. Ensure that no firewall rules block communication between your vCloud appliance and the QRadar Console or the managed host that is responsible for polling the vCloud REST API.