Radware AppWall
The IBM® QRadar® DSM for Radware AppWall collects logs from a Radware AppWall appliance.
The following table describes the specifications for the Radware AppWall DSM:
| Specification | Value |
|---|---|
| Manufacturer | Radware |
| DSM name | Radware AppWall |
| RPM file name | DSM-RadwareAppWall-QRadar_version-build_number.noarch.rpm |
| Supported versions | 6.5.2 8.2 |
| Protocol | Syslog |
| Recorded event types |
Administration Audit Learning Security System |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | For more information, see the Radware link to public site website (https://www.radware.com). |
To integrate Radware AppWall with QRadar, complete the following steps:
- If automatic updates are not enabled, download and install the most recent version of the Radware AppWall DSM RPM from the IBM Support Website onto your QRadar Console:
- Configure your Radware AppWall device to send logs to QRadar.
- If QRadar does not
automatically detect the log source, add a Radware AppWall log source on the QRadar Console. The following
table describes the parameters that require specific values for Radware AppWall event
collection:
Table 2. Radware AppWall log source parameters Parameter Value Log Source type Radware AppWall Protocol Configuration Syslog
Important: Your RadWare AppWall device might have event payloads that
are longer than the default maximum TCP Syslog payload length of 4096 bytes. This overage can result
in the event payload being split into multiple events by QRadar. To avoid this behavior,
increase the maximum TCP Syslog payload length. To optimize performance, start by configuring the
value to 8192 bytes. The maximum length for RadWare AppWall events is 14,019 bytes.
The maximum QRadar syslog payload size is 32,000 bytes. For more information about increasing the QRadar maximum payload size, see QRadar: TCP and UDP Syslog Maximum Payload Message Length for QRadar Appliances (https://www.ibm.com/support/pages/qradar-tcp-and-udp-syslog-maximum-payload-message-length-qradar-appliances).
You can verify that QRadar is configured to receive events from your Radware AppWall device when you complete Step 6 of the Configuring Radware AppWall to communicate with QRadar procedure.