Application Security DbProtect

The IBM QRadar DSM for Application Security DbProtect collects event from DbProtect devices that are installed with the Log Event Extended Format (LEEF) Service.

The following table identifies the specifications for the Application Security DbProtect DSM:
Table 1. Application Security DbProtect DSM specifications
Specification Value
Manufacturer Application Security, Inc
DSM name DbProtect
RPM file name DSM-AppSecDbProtect-QRadar_version-build_number.noarch.rpm
Supported versions v6.2

v6.3

v6.3sp1

v6.3.1

v6.4

Protocol LEEF
Recorded event types All events
Automatically discovered? Yes
Includes identity? No
Includes custom properties? No
More information Application Security website (http://www.appsecinc.com/)
To send Application Security DbProtect events to QRadar, complete the following steps:
  1. If automatic updates are not enabled, download and install the most recent version of the Application Security DbProtect DSM RPM from the IBM® Support Website onto your QRadar Console.
  2. Configure your Application Security DbProtect device to communicate with QRadar. Complete the following steps:
    1. Install the DbProtect LEEF Relay Module.
    2. Configure the DbProtect LEEF Relay
    3. Configure DbProtect alerts.
  3. If QRadar does not automatically detect the log source, add an Application Security DbProtect log source on the QRadar Console. Configure all required parameters, and use the following table for DbProtect-specific values:
    Table 2. Application Security DbProtect log source parameters
    Parameter Value
    Log Source type Application Security DbProtect
    Protocol Configuration Syslog