Ambiron TrustWave ipAngel
The IBM QRadar DSM for Ambiron TrustWave ipAngel receives Snort-based events from the ipAngel console.
The following table identifies the specifications for the Ambiron TrustWave ipAngel
DSM:
Specification | Value |
---|---|
Manufacturer | Ambiron |
DSM name | Ambiron TrustWave ipAngel |
RPM file name | DSM-AmbironTrustwaveIpAngel-QRadar_version-build_number.noarch.rpm |
Supported versions | V4.0 |
Protocol | Syslog |
Recorded event types | Snort-based events |
Automatically discovered? | No |
Includes identity? | No |
Includes custom properties? | No |
More information | Ambiron website (http://www.apache.org) |
To send Ambiron TrustWave ipAngel events to QRadar, complete the
following steps:
- If automatic updates are not enabled, download and install the most recent version of the Ambiron TrustWave ipAngel DSM RPM from the IBM® Support Website onto your QRadar Console.
- Configure your Ambiron TrustWave ipAngel device to forward your cache and access logs to QRadar. For information on forwarding device logs to QRadar, see your vendor documentation.
- Add an Ambiron TrustWave ipAngel log source on the QRadar Console. The
following table describes the parameters that require specific values that are required
for Ambiron TrustWave ipAngel event collection:
Table 2. Ambiron TrustWave ipAngel log source parameters Parameter Value Log Source type Ambiron TrustWave ipAngel Intrusion Prevention System (IPS) Protocol Configuration Syslog