IBM Federated Directory Server
The IBM® QRadar® DSM collects events from IBM Federated Directory Server systems.
The following table identifies the specifications for the IBM Federated Directory Server DSM:
| Specification | Value |
|---|---|
| Manufacturer | IBM |
| DSM name | IBM Federated Directory Server |
| RPM file name | DSM-IBMFederated DirectoryServer-Qradar_version-build_number.noarch.rpm |
| Supported versions | V7.2.0.2 and later |
| Event format | LEEF |
| Recorded event types | FDS Audit |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | Security Directory Server information in the IBM Knowledge Center (https://www.ibm.com/support/knowledgecenter/SSVJJU/welcome.html) |
To send events from IBM Federated Directory Server to QRadar, complete
the following steps:
- If automatic updates are not enabled, download the most recent version of the
following RPMs from the IBM Support Website onto your QRadar
Console:
- DSMCommon RPM
- IBM Federated Directory Server DSM RPM
- Configure QRadar monitoring on your IBM Federated Directory Server device.
- If QRadar does not automatically detect the log source, add an IBM Federated Directory Server log source on the QRadar Console. The following table describes the parameters that require specific values for IBM Federated Directory Server event collection:
Table 2. IBM Federated Directory Serve log source parameters Parameter Value Log Source type IBM Federated Directory Server Protocol Configuration Syslog Log Source Identifier The source IP or host name of the IBM Federated Directory Server.