IBM® QRadar® Risk Manager supports McAfee Enterprise Firewall (Sidewinder) appliances that run SecureOS.

The following features are available with the Sidewinder adapter:
  • Static NAT
  • Static routing
  • Telnet and SSH connection protocols

The Sidewinder adapter interacts with the CLI-based McAfee operating system (SecureOS) over Telnet or SSH.

The Sidewinder adapter has the following limitations:

  • Only Layer 3 firewall policies are supported. Layer 7 policies that use Sidewinder application defenses are unsupported.
  • Identity-based, geography-based, and IPv6 policies are dropped, because these policies are unsupported by QRadar Risk Manager.

The integration requirements for the Sidewinder adapter are described in the following table:

Table 1. Sidewinder adapter
Integration Requirement Description

Supported versions


Minimum user access level


The admin user access level is required to retrieve predefined services information from the database by using the cf appdb list verbose=on command.

SNMP discovery


Required credential parameters



Supported connection protocols

Use any one of the following supported connection protocols:



Commands that the adapter requires to log in and collect data


uname -r


cf license q

cf route status

cf ipaddr q

cf iprange q

cf subnet q

cf domain q

dig $address +noall +answer (run for each domain in the output of cf domain q)

cf host q

cf netmap q

cf netgroup q

cf appdb list verbose=on

cf application q

cf appgroup q

cf policy q

cf interface q

cf zone q
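
Because the adapter logs in with the admin access level, it is useful to check that its account runs only the commands listed above. The following is an added example, not IBM or McAfee code: it compares recorded commands against that list and flags Telnet sessions, which send the login in cleartext. The record fields, the account name qrm_adapter, and the sample records are assumptions constructed for illustration.

```python
import re

# Commands copied from the list on this page.
ADAPTER_COMMANDS = {
    "uname -r", "cf license q", "cf route status", "cf ipaddr q",
    "cf iprange q", "cf subnet q", "cf domain q", "cf host q",
    "cf netmap q", "cf netgroup q", "cf appdb list verbose=on",
    "cf application q", "cf appgroup q", "cf policy q",
    "cf interface q", "cf zone q",
}

# `dig $address +noall +answer` runs once per domain; accept only a plain hostname.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
DIG_RE = re.compile(rf"dig {LABEL}(?:\.{LABEL})*\.? \+noall \+answer")


def is_adapter_command(command):
    """True if the command, after whitespace normalization, is one the page lists."""
    normalized = " ".join(command.split())
    return normalized in ADAPTER_COMMANDS or DIG_RE.fullmatch(normalized) is not None


def audit_adapter_account(records, account):
    """Return (index, reason) findings for commands run under the adapter account."""
    findings = []
    for index, record in enumerate(records):
        if record["account"] != account:
            continue  # other administrators are out of scope for this check
        if record["protocol"].lower() == "telnet":
            findings.append((index, "cleartext telnet session"))
        if not is_adapter_command(record["command"]):
            findings.append((index, "command outside documented set"))
    return findings


# Constructed sample records; field names and account names are assumptions.
SAMPLE = [
    {"account": "qrm_adapter", "protocol": "ssh", "command": "uname -r"},
    {"account": "qrm_adapter", "protocol": "ssh", "command": "cf  policy   q"},
    {"account": "qrm_adapter", "protocol": "ssh", "command": "dig example.com +noall +answer"},
    {"account": "qrm_adapter", "protocol": "ssh", "command": "dig example.com +noall +answer; id"},
    {"account": "qrm_adapter", "protocol": "telnet", "command": "cf zone q"},
    {"account": "other_admin", "protocol": "ssh", "command": "ls /tmp"},
]

if __name__ == "__main__":
    for index, reason in audit_adapter_account(SAMPLE, "qrm_adapter"):
        print(index, reason, repr(SAMPLE[index]["command"]))
```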