Bit9 Security Platform
Use the IBM® QRadar® SIEM DSM for Carbon Black Bit9 Security Platform to collect events from Carbon Black Bit9 Parity devices.
The following table identifies the specifications for the Bit9 Security Platform DSM:
Specification | Value |
---|---|
Manufacturer | Carbon Black |
DSM name | Bit9 Security Platform |
RPM file name | DSM-Bit9Parity-build_number.noarch.rpm |
Supported versions | V6.0.2 and up |
Event format | Syslog |
Supported event types | All events |
Automatically discovered? | Yes |
Included identity? | Yes |
More information | Bit9 website (http://www.bit9.com) |
To integrate Bit9 Security Platform with QRadar, complete the following steps:
- If automatic updates are not enabled, download the most recent version of the Bit9 Security Platform DSM RPM.
- Configure your Bit9 Security Platform device to enable communication with QRadar. You must create a syslog destination and forwarding policy on the Bit9 Security Platform device.
- If QRadar does not automatically detect Bit9 Security Platform as a log source, create a Bit9 Security Platform log source on the QRadar Console.
Use the following Bit9 Security Platform values to configure the log source parameters:
Parameter | Value |
---|---|
Log Source Identifier | The IP address or host name of the Bit9 Security Platform device |
Log Source Type | Bit9 Security Platform |
Protocol Configuration | Syslog |