HPE Network Automation

The IBM® QRadar® DSM for HPE Network Automation collects events from HPE Network Automation software.

The following table describes the specifications for the HPE Network Automation DSM:
Table 1. HPE Network Automation DSM specifications
Specification Value
Manufacturer Hewlett Packard Enterprise
DSM name HP Network Automation
RPM file name DSM-HPNetworkAutomation-QRadar_version-build_number.noarch.rpm
Supported versions V10.11
Protocol Syslog
Event format LEEF
Recorded event types All operational and configuration network events.
Automatically discovered? Yes
Includes identity? Yes
Includes custom properties? No
More information Hewlett Packard Enterprise Network Automation (https://www.hpe.com/us/en/solutions/telecom-network-automation.html)
To integrate HPE Network Automation software with QRadar, complete the following steps:
  1. If automatic updates are not enabled, download the following RPMs from the IBM Support Website (https://www.ibm.com/support).
    • DSMCommon DSM RPM
    • HP Network Automation DSM RPM
  2. Configure your HPE Network Automation software to send LEEF events to QRadar.
  3. If QRadar does not automatically detect the log source, add an HPE Network Automation log source on the QRadar Console. The following table describes the parameters that require specific values for HPE Network Automation event collection:
    Table 2. HPE Network Automation log source parameters
    Parameter Value
    Log Source type HP Network Automation
    Protocol Configuration Syslog
    Log Source Identifier The IP address or host name of the device from where QRadar collects HP Network Automation events.
The following table shows a sample LEEF message from the HPE Network Automation DSM:
Table 3. HPE Network Automation sample message supported by the HPE Network Automation software
Event name Low level category Sample log message
Device Snapshot Information
LEEF:1.0|HP|Network Automation|v10|Device Snapshot|devTime=Wed Jul 06 08:26:45 UTC 2016 devTimeFormat=EEE MMM dd HH:mm:ss Z yyyy     src=<Source_IP_address>      eventId=11111111       usrName=UserName   eventText=Snapshot of configuration taken