Configuring Aruba Introspect to communicate with QRadar
Before IBM® QRadar® can collect events from Aruba Introspect, you must configure Aruba Introspect to send events to QRadar.
- Log in to the Aruba Introspect Analyzer.
- Click .
Configure the following forwarding parameters:
Table 1. Aruba Introspect Analyzer forwarding parameters

| Parameter | Value |
| --- | --- |
| Syslog Destination | IP or host name of the QRadar Event Collector. |
| Protocol | TCP or UDP |
| Port | 514 |

- Click .
Configure the following notification parameters:
Table 2. Aruba Introspect Analyzer notification parameters

| Parameter | Value |
| --- | --- |
| Enable Alert Syslog Forwarding | Enable the Enable Alert Syslog Forwarding check box. |
| Sending Notification | As Alerts are produced. You can customize this setting to send in batches instead of a live stream. |
| TimeZone | Your local time zone. |

Note: Leave Query, Severity, and Confidence values as default to send all Alerts. These values can be customized to filter out and send only a subset of Alerts to QRadar.

What to do next
To help you troubleshoot, you can look at the forwarding logs in the /var/log/notifier.log file.
When a new notification is created, as described in Step 3, alerts for the last week that match the Query, Severity, and Confidence fields are sent.