Before you configure IBM QRadar, you must install a plug-in for your ForeScout CounterACT appliance and configure ForeScout CounterACT to forward syslog events to QRadar.
About this task
To integrate QRadar with ForeScout CounterACT, you must download, install, and configure a plug-in for CounterACT. The plug-in extends ForeScout CounterACT and provides the framework for forwarding LEEF events to QRadar.
Procedure
- From the ForeScout website (https://www.forescout.com), download the plug-in for ForeScout CounterACT.
- Log in to your ForeScout CounterACT appliance.
- From the CounterACT Console toolbar, select . Select the location of the plug-in file.
  The plug-in is installed and displayed in the Plug-ins pane.
- From the Plug-ins pane, select the QRadar plug-in and click Configure.
  The Add QRadar wizard is displayed.
- In the Server Address field, type the IP address of QRadar.
- From the Port list, select 514.
- Click Next.
- From the Assigned CounterACT devices pane, choose one of the following options:
  - Default Server - Select this option to make all devices on this ForeScout CounterACT forward events to QRadar.
  - Assign CounterACT devices - Select this option to choose which individual devices that are running on ForeScout CounterACT forward events to QRadar. The Assign CounterACT devices option is only available if you have one or more ForeScout CounterACT servers.
- Click Finish.
  The plug-in configuration is complete. You are now ready to define the events that are forwarded to QRadar by ForeScout CounterACT policies.