Seculert
The IBM QRadar DSM for Seculert collects events from the Seculert cloud service.
The following table describes the specifications for the Seculert DSM:
Specification | Value |
---|---|
Manufacturer | Seculert |
DSM name | Seculert |
RPM file name | DSM-SeculertSeculert-Qradar_version-build_number.noarch.rpm |
Supported versions | v1 |
Protocol | Seculert Protection REST API Protocol |
Recorded event types | All malware communication events |
Automatically discovered? | No |
Includes identity? | No |
Includes custom properties? | No |
More information | Seculert website (http://www.seculert.com) |
To integrate Seculert with QRadar, complete the following steps:
- Download and install the most recent version of the following RPMs from the IBM® Support Website onto your QRadar Console:
  - Protocol-Common
  - DSM-DSMCommon
  - Seculert DSM RPM
  - SeculertProtectionRESTAPI PROTOCOL RPM
- Add a Seculert log source on the QRadar Console. The following table describes the parameters that require specific values for Seculert event collection:
For more information about this protocol, see Seculert Protection REST API protocol configuration options.
Table 2. Seculert log source parameters
Parameter | Value |
---|---|
Log Source type | Seculert |
Protocol Configuration | Seculert Protection REST API |
API Key | 32 character UUID |
For more information about obtaining an API key, see Seculert Protection REST API protocol configuration options.