HTTP Receiver log source parameters for IBM Security Trusteer

If QRadar® does not automatically detect the log source, add a IBM® Security Trusteer® log source on the QRadar Console by using the HTTP Receiver protocol.

When using the HTTP Receiver protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect HTTP Receiver events from IBM Security Trusteer:
Table 1. HTTP Receiver log source parameters for the IBM Security Trusteer DSM
Parameter Value
Log Source type IBM Security Trusteer
Protocol Configuration HTTP Receiver
Log Source Identifier The IP address, hostname, or any name to identify the device.

The name must be unique for the log source type.

Listen Port

The port that is used by QRadar to accept incoming HTTP Receiver events. The port must match the port that is configured on your IBM Security Trusteer device. The default port is 12469.

Important: Do not use port 514. Port 514 is used by the standard Syslog listener.

For a complete list of HTTP Receiver protocol parameters and their values, see HTTP Receiver protocol configuration options.