Integrate Broadcom CA Top Secret with IBM QRadar by using audit scripts
The Broadcom CA Top Secret DSM collects events and audit transactions on the IBM® mainframe with the Log File protocol.
IBM QRadar records all relevant and available information from the event.
To integrate CA Top Secret events into QRadar:
- The IBM mainframe records all security events as Service Management Framework (SMF) records in a live repository.
- At midnight, the CA Top Secret data is extracted from the live repository by using the SMF dump utility. The SMF file contains all of the events and fields from the previous day in raw SMF format.
- The qextopsloadlib program pulls data from the SMF-formatted file. It pulls only the events and fields that are relevant to QRadar and writes that information in a condensed format for compatibility. The information is saved in a location accessible by QRadar.
- QRadar uses the Log File protocol source to retrieve the output file information on a scheduled basis. QRadar then imports and processes this file.