You can integrate QRadar with Sophos PureMessage for Microsoft Exchange.
Procedure
- Log in to the Microsoft SQL Server command-line interface (CLI):
  osql -E -S localhost\sophos
- Type which database you want to integrate with QRadar:
- Type the following command to create a SIEM view in your Sophos database to support QRadar:
  create view siem_view as select
  'Windows PureMessage' as application, id, reason,
  timecreated, emailonly as sender, filesize, subject,
  messageid, filename from dbo.quaritems,
  dbo.quaraddresses where ItemID = ID and Field = 76;
What to do next
After you create your SIEM view, you must configure QRadar to receive event
information by using the JDBC protocol. To configure the Sophos PureMessage DSM with QRadar, see JDBC log source parameters for Sophos PureMessage.
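
One way to give the JDBC log source a read-only account that can see only the SIEM view, as an added example that is not part of the IBM or Sophos documentation. The login name `qradar_reader`, the `<sophos_database>` and `<strong-password>` placeholders, SQL Server authentication being enabled, and the view living in the `dbo` schema are all assumptions.

```sql
-- Added example. qradar_reader is a hypothetical name; replace the
-- <sophos_database> and <strong-password> placeholders before running.
USE [<sophos_database>];
GO

-- Server login plus a database user mapped to it.
-- Assumes the instance accepts SQL Server authentication.
CREATE LOGIN qradar_reader
    WITH PASSWORD = '<strong-password>', CHECK_POLICY = ON;
GO
CREATE USER qradar_reader FOR LOGIN qradar_reader;
GO

-- Grant SELECT on the view only. Assumes siem_view was created in the
-- dbo schema: because dbo also owns quaritems and quaraddresses,
-- ownership chaining lets the view read them without any grant on
-- the tables themselves.
GRANT SELECT ON OBJECT::dbo.siem_view TO qradar_reader;
GO

-- Confirm, as that user, that the grant covers the view and nothing else.
EXECUTE AS USER = 'qradar_reader';
SELECT
    HAS_PERMS_BY_NAME('dbo.siem_view',     'OBJECT', 'SELECT') AS can_read_view,
    HAS_PERMS_BY_NAME('dbo.quaritems',     'OBJECT', 'SELECT') AS can_read_quaritems,
    HAS_PERMS_BY_NAME('dbo.quaraddresses', 'OBJECT', 'SELECT') AS can_read_quaraddresses;

-- Sample the rows QRadar would receive through the view.
SELECT TOP 5 id, timecreated, sender, reason, subject
FROM dbo.siem_view
ORDER BY id DESC;
REVERT;
GO
```

If the permission check shows read access to either base table, the user has inherited rights from a role or an earlier grant, and those should be removed before the credentials are entered in the log source.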