The Forcepoint V-Series Content Gateway DSM for IBM QRadar supports events for web content from
several Forcepoint TRITON solutions, including Web Security, Web Security Gateway, Web Security
Gateway Anywhere, and V-Series appliances.
About this task
Forcepoint TRITON collects and streams event information to QRadar by using the Forcepoint
Multiplexer component. Before you configure QRadar, you must configure the
Forcepoint TRITON solution to provide LEEF formatted syslog events.
Before you can configure Forcepoint TRITON Web Security solutions to forward events to QRadar, you must ensure that your
deployment contains a Forcepoint Multiplexer.
The Forcepoint Multiplexer is supported on Windows, Linux®, and on Forcepoint V-Series appliances.
To configure a Forcepoint Multiplexer on a Forcepoint TRITON or V-Series appliance:
Procedure
- Install an instance of Forcepoint Multiplexer for each Forcepoint Policy Server
  component in your network.
  - For Microsoft Windows - To install the Forcepoint Multiplexer on Windows, use the TRITON
    Unified Installer. The TRITON Unified Installer is available for download at
    http://www.myforcepoint.com.
  - For Linux - To install the Forcepoint Multiplexer on Linux, use the Web Security Linux
    Installer. The Web Security Linux Installer is available for download at
    http://www.myforcepoint.com.
  For information on adding a Forcepoint Multiplexer to software installations, see your
  Forcepoint Security Information Event Management (SIEM) Solutions documentation.
- Enable the Forcepoint Multiplexer on a V-Series appliance that is configured as
  a full policy source or user directory and filtering appliance:
  - Log in to your Forcepoint TRITON Web Security Console or V-Series appliance.
  - From the Appliance Manager, select .
  - Click the Forcepoint Web Security tab.
  - From the Command list, select multiplexer, then use the enable command.
- Repeat Forcepoint TRITON and Forcepoint TRITON to enable one
  Multiplexer instance for each Policy Server instance in your network.
  If more than one Multiplexer is installed for a Policy Server, only the last installed instance
  of the Forcepoint Multiplexer is used. The configuration for each Forcepoint Multiplexer instance is
  stored by its Policy Server.
What to do next
You can now configure your Forcepoint TRITON appliance to forward syslog events in LEEF
format to QRadar.