IBM zSecure Alert

The IBM® QRadar® DSM for IBM zSecure Alert collects Syslog events from a IBM zSecure Alert.

To integrate IBM zSecure Alert with QRadar, complete the following steps:
  1. If automatic updates are not enabled, RPMs are available for download from the IBM support website. Download and install the most recent version of the DSM Common RPM on your QRadar Console:
  2. Configure your IBM zSecure Alert to send events to QRadar.
  3. If QRadar does not automatically detect the log source, add a IBM zSecure Alert log source on the QRadar Console.

The alert configuration on your IBM zSecure Alert appliance determines which alert conditions you want to monitor and forward to QRadar. To collect events in QRadar, you must configure your IBM zSecure Alert appliance to forward events in a UNIX syslog event format by using the QRadar IP address as the destination. For information on configuring UNIX syslog alerts and destinations, see the IBM Security zSecure Alert User Reference Manual.