SSH CryptoAuditor
The IBM QRadar DSM for SSH CryptoAuditor collects logs from an SSH CryptoAuditor.
The following table identifies the specifications for the SSH CryptoAuditor DSM.
| Specification | Value |
|---|---|
| Manufacturer | SSH Communications Security |
| Product | CryptoAuditor |
| DSM Name | SSH CryptoAuditor |
| RPM filename | DSM-SSHCryptoAuditor-QRadar_release-Build_number.noarch.rpm |
| Supported versions | 1.4.0 or later |
| Event format | Syslog |
| QRadar recorded event types | Audit, Forensics |
| Log source type in QRadar UI | SSH CryptoAuditor |
| Auto discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | SSH Communications Security website (http://www.ssh.com/) |
To send events from SSH CryptoAuditor to QRadar, complete the following steps:
- If automatic updates are not enabled, download and install the most recent version of the
following RPMs from the IBM® Support Website onto your QRadar Console:
- DSMCommon RPM
- SSH CryptoAuditor RPM
- For each instance of SSH CryptoAuditor, configure your SSH CryptoAuditor system to communicate with QRadar.
- If QRadar does not
automatically discover SSH CryptoAuditor, create a log source on the QRadar Console for each instance
of SSH CryptoAuditor. Use the following SSH CryptoAuditor specific parameters:
Parameter Value Log Source Type SSH CryptoAuditor Protocol Configuration Syslog