The Forcepoint V-Series Data Security Suite DSM accepts events using syslog. Before you
can integrate with IBM QRadar, you must enable the Forcepoint V-Series appliance to
forward syslog events in the Data Security Suite (DSS) Management Console.
Procedure
- Select .
- Select an existing Notification Template or create a new template.
- Click the General tab.
- Click Send Syslog Message.
- Select to access the Syslog window.
  The Syslog window enables administrators to define the IP address or host name and port number of the syslog server in their organization. The defined syslog server receives incident messages from the Forcepoint Data Security Suite DSS Manager.
- The syslog message is composed of the following fields:
  DSS Incident|ID={value}|action={display value - max}|urgency= {coded}|policy categories={values,,,}|source={value-display name}|destinations={values...}|channel={display name}|matches= {value}|details={value}
  - Max length for policy categories is 200 characters.
  - Max length for destinations is 200 characters.
  - Details and source are reduced to 30 characters.
- Click Test Connection to verify that your syslog server is accessible.
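The DSS Incident layout above is a pipe-delimited list of name=value fields, so it is worth checking how a parser should treat it before relying on the events for detection. The following is an added example, not code from the original page or from Forcepoint or IBM: it parses one constructed sample message, tolerates the space after "=" that the format shows for urgency and matches, splits the list-valued fields (the ",,," padding), and flags any field whose value reached the documented 30- or 200-character cap, since such a value may have been cut off by the appliance.

```python
from typing import Any, Dict

# Constructed sample message (not from the original page) in the DSS Incident layout.
SAMPLE = ("DSS Incident|ID=1042|action=Blocked|urgency= 3|"
          "policy categories=PCI,PII,,|source=jdoe@example.com|"
          "destinations=mail.example.net,ftp.example.net|channel=Email|"
          "matches= 7|details=Credit card numbers found in a")

PREFIX = "DSS Incident"
LIST_FIELDS = {"policy categories", "destinations"}
NUMERIC_FIELDS = {"ID", "urgency", "matches"}
# Length caps stated in the procedure; a value that reaches its cap may have been cut off.
FIELD_CAPS = {"source": 30, "details": 30, "policy categories": 200, "destinations": 200}


def parse_dss_incident(line: str) -> Dict[str, Any]:
    """Parse one DSS Incident syslog message into a dict.

    Fields are '|'-separated 'name=value' pairs after the 'DSS Incident' prefix.
    Whitespace around '=' (as in 'urgency= 3') is tolerated, list fields are split
    on ',' with empty padding items dropped, and the names of fields whose raw
    value reached the documented cap are returned under 'truncated_fields'.
    Raises ValueError on a missing prefix or a field without '='.
    """
    parts = line.rstrip("\r\n").split("|")
    if parts[0].strip() != PREFIX:
        raise ValueError(f"not a DSS Incident message: {parts[0]!r}")
    event: Dict[str, Any] = {"truncated_fields": []}
    for part in parts[1:]:
        if "=" not in part:
            raise ValueError(f"malformed field (no '='): {part!r}")
        key, value = part.split("=", 1)
        key, value = key.strip(), value.strip()
        if key in FIELD_CAPS and len(value) >= FIELD_CAPS[key]:
            event["truncated_fields"].append(key)
        if key in LIST_FIELDS:
            event[key] = [v.strip() for v in value.split(",") if v.strip()]
        elif key in NUMERIC_FIELDS and value.isdigit():
            event[key] = int(value)
        else:
            event[key] = value
    return event


if __name__ == "__main__":
    for name, value in parse_dss_incident(SAMPLE).items():
        print(f"{name:18} {value}")
```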
What to do next
You can now configure the log source in QRadar. Because these events are
automatically discovered, the log source is added to QRadar when events arrive and no
further configuration is required. Events that the Forcepoint V-Series appliance forwards
to QRadar are displayed on the Log Activity tab of QRadar.