To collect events, you must configure your Carbon Black Bit9 Parity device to forward
syslog events in Log Event Extended Format (LEEF).
Procedure
- Log in to the Carbon Black Bit9 Parity console with Administrator or PowerUser privileges.
- From the navigation menu on the left side of the console, select .
  The System Configuration window is displayed.
- Click Server Status.
  The Server Status window is displayed.
- Click Edit.
- In the Syslog address field, type the IP address of your QRadar Console or Event Collector.
- From the Syslog format list, select LEEF (Q1Labs).
- Select the Syslog enabled check box.
- Click Update.
The configuration is complete. The log source is added to IBM QRadar as Carbon Black Bit9 Parity events are automatically discovered. Events that are forwarded to QRadar by Carbon Black Bit9 Parity are displayed on the Log Activity tab of QRadar.
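
If events do not appear, it helps to confirm that a captured syslog payload really is LEEF before troubleshooting on the QRadar side. The parser below is an added example, not IBM or Carbon Black code; it handles the LEEF 1.0 and 2.0 header layouts. The vendor, product, and event ID values in the samples are constructed placeholders, not values that Bit9 Parity is documented to send.

```python
import re

# A LEEF 2.0 delimiter field is a literal character or a hex value (x09, 0x5e).
_HEX_DELIM = re.compile(r"^(?:0x|x)([0-9A-Fa-f]{1,4})$")

def parse_leef(payload):
    """Parse one syslog payload; return (header dict, attribute dict)."""
    start = payload.find("LEEF:")  # skip any syslog priority/timestamp/host prefix
    if start < 0:
        raise ValueError("no LEEF header: check the Syslog format setting")
    parts = payload[start:].rstrip("\r\n").split("|", 5)
    if len(parts) < 6:
        raise ValueError("truncated LEEF header")
    version = parts[0][len("LEEF:"):]
    if version not in ("1.0", "2.0"):
        raise ValueError("unexpected LEEF version: %r" % version)
    names = ("vendor", "product", "product_version", "event_id")
    header = dict(zip(names, parts[1:5]), leef_version=version)
    rest, delim = parts[5], "\t"  # LEEF 1.0 attributes are tab separated
    if version == "2.0" and "|" in rest:
        # LEEF 2.0 may carry a sixth header field naming the delimiter.
        field, tail = rest.split("|", 1)
        hex_match = _HEX_DELIM.match(field)
        if hex_match:
            delim, rest = chr(int(hex_match.group(1), 16)), tail
        elif len(field) == 1:
            delim, rest = field, tail
    attrs = {}
    for pair in rest.split(delim):
        key, sep, value = pair.partition("=")
        if sep and key:
            attrs[key] = value
    return header, attrs

# Constructed sample payloads (placeholder vendor/product/event ID values).
SAMPLE_LEEF1 = ("<13>Jan 18 11:07:53 parity-srv "
                "LEEF:1.0|ExampleVendor|ExampleProduct|1.0|1001|"
                "src=192.0.2.10\tusrName=alice\tsev=4")
SAMPLE_LEEF2 = ("LEEF:2.0|ExampleVendor|ExampleProduct|1.0|1002|^|"
                "src=192.0.2.11^usrName=bob")
SAMPLE_OTHER = "<13>Jan 18 11:07:55 parity-srv plain text event, not LEEF"

if __name__ == "__main__":
    for sample in (SAMPLE_LEEF1, SAMPLE_LEEF2):
        print(parse_leef(sample))
```

A ValueError on a captured payload means that the sender is not emitting LEEF, which points back to the Syslog format selection in the procedure above.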