Application Security DbProtect
The IBM QRadar DSM for Application Security DbProtect collects event from DbProtect devices that are installed with the Log Event Extended Format (LEEF) Service.
The following table identifies the specifications for the Application Security DbProtect
DSM:
Specification | Value |
---|---|
Manufacturer | Application Security, Inc |
DSM name | DbProtect |
RPM file name | DSM-AppSecDbProtect-QRadar_version-build_number.noarch.rpm |
Supported versions | v6.2 v6.3 v6.3sp1 v6.3.1 v6.4 |
Protocol | LEEF |
Recorded event types | All events |
Automatically discovered? | Yes |
Includes identity? | No |
Includes custom properties? | No |
More information | Application Security website (http://www.appsecinc.com/) |
To send Application Security DbProtect events to QRadar, complete the following steps:
- If automatic updates are not enabled, download and install the most recent version of the Application Security DbProtect DSM RPM from the IBM® Support Website onto your QRadar Console.
- Configure your Application Security DbProtect device to communicate with QRadar. Complete the following steps:
- Install the DbProtect LEEF Relay Module.
- Configure the DbProtect LEEF Relay
- Configure DbProtect alerts.
- If QRadar does not
automatically detect the log source, add an Application Security DbProtect log source on the QRadar
Console. Configure all required
parameters, and use the following table for DbProtect-specific values:
Table 2. Application Security DbProtect log source parameters Parameter Value Log Source type Application Security DbProtect Protocol Configuration Syslog