Vectra Networks Vectra
The IBM QRadar DSM for Vectra Networks Vectra collects events from the Vectra Networks Vectra X-Series platform.
Important: The IBM
QRadar DSM for Vectra Networks
Vectra is deprecated.
To continue taking advantage of this integration, please download the Vectra Networks Vectra DSM from the IBM Security App Exchange website (https://exchange.xforce.ibmcloud.com/hub/extension/47f3e9afff5e0281d6684bb633d769f2).
The following table describes the specifications for the Vectra Networks Vectra DSM:
| Specification | Value |
|---|---|
| Manufacturer | Vectra Networks |
| DSM name | Vectra Networks Vectra |
| RPM file name | DSM-VectraNetworksVectra-QRadar_version-build_number.noarch.rpm |
| Supported versions | 2.2 |
| Protocol | Syslog |
| Event Format | Common Event Format (CEF). CEF:0 is supported. |
| Recorded event types | Host scoring, command and control, botnet activity, reconnaissance, lateral movement, exfiltration |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | Vectra Networks Website (http://www.vectranetworks.com) |
To integrate Vectra Networks Vectra with QRadar, complete the following steps:
- If automatic updates are not enabled, download and install the most recent version of the
following RPMs from the IBM® Support Website (onto your QRadar
Console in the order that they are listed:
- DSMCommon RPM
- Vectra Networks Vectra DSM RPM
- Configure your Vectra Networks Vectra device to send syslog events to QRadar.
- If QRadar does not
automatically detect the log source, add a Vectra Networks Vectra log source on the QRadar Console. The following
table describes the parameters that require specific values for Vectra Networks Vectra event
collection:
Table 2. Vectra Networks Vectra log source parameters Parameter Value Log Source type Vectra Networks Vectra Protocol Configuration Syslog Log Source Identifier A unique identifier for the log source.