IBM Security Identity Governance
The IBM QRadar DSM for IBM® Security Identity Governance collects audit events from IBM Security Governance servers.
Specification | Value |
---|---|
Manufacturer | IBM |
DSM name | IBM Security Identity Governance |
RPM file name | DSM-IBMSecurityIdentityGovernance-QRadar_version-build_number.noarch.rpm |
Supported versions | IBM Security Identity Governance V5.1.1 |
Protocol | JDBC |
Event format | NVP |
Recorded event types | Audit |
Automatically discovered? | No |
Includes identity? | No |
Includes custom properties? | No |
More information | IBM website (https://www.ibm.com) |
- If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM Support Website onto your QRadar Console. If multiple DSM RPMs are required, the integration sequence must reflect the DSM RPM dependency.
  - IBM Security Identity Governance (ISIG) DSM RPM
  - JDBC Protocol RPM
- Configure a JDBC log source to poll for events from your IBM Security Identity Governance database.
- Ensure that no firewall rules block communication between QRadar and the database that is associated with IBM Security Identity Governance.
- If QRadar does not automatically detect the log source, add an IBM Security Identity Governance log source on the QRadar Console. The following table describes the parameters that require specific values for IBM Security Identity Governance event collection:
Table 2. IBM Security Identity Governance DSM log source parameters

Parameter | Value |
---|---|
Log Source Name | Type a unique name for the log source. |
Log Source Description | Type a description for the log source. |
Log Source Type | IBM Security Identity Governance |
Protocol Configuration | JDBC |
Log Source Identifier | Type a name for the log source. The name can't contain spaces and must be unique among all log sources of the log source type that is configured to use the JDBC protocol. If the log source collects events from a single appliance that has a static IP address or host name, use the IP address or host name of the appliance as all or part of the Log Source Identifier value; for example, 192.168.1.1 or JDBC192.168.1.1. If the log source doesn't collect events from a single appliance that has a static IP address or host name, you can use any unique name for the Log Source Identifier value; for example, JDBC1, JDBC2. |
Database Type | Select Oracle or DB2 for the database that you want to use as the event source. |
Database Name | The name of the database to which you want to connect. |
IP or Hostname | The IP address or host name of the IBM Security Governance database server. |
Port | Enter the JDBC port. The JDBC port must match the listener port that is configured on the remote database. The database must permit incoming TCP connections. The valid range is 1 - 65535. The defaults are: MSDE - 1433, Postgres - 5432, MySQL - 3306, Sybase - 1521, Oracle - 1521, Informix® - 9088, DB2® - 50000. If a database instance is used with the MSDE database type, you must leave the Port field blank. |
Username | A user account for QRadar in the database. |
Password | The password that is required to connect to the database. |
Predefined Query | Select a predefined database query for the log source. If a predefined query is not available for the log source type, administrators can select the none option. |
Table Name | AUDIT_LOG |
Select List | * |
Compare Field | ID |
Use Prepared Statements | Enable the check box. |
Start Date and Time | The initial date and time for database polling. |
Polling Interval | The amount of time, in seconds, between queries to the database table. The default polling interval is 10 seconds. |
EPS Throttle | The maximum number of events per second that QRadar ingests. If your data source exceeds the EPS throttle, data collection is delayed. Data is still collected and then it is ingested when the data source stops exceeding the EPS throttle. The default is 20,000 EPS. |
Security Mechanism | From the list, select the security mechanism that is supported by your DB2 server. If you don't want to select a security mechanism, select None. The default is None. For more information about security mechanisms that are supported by DB2 environments, see the IBM Support website (https://www.ibm.com/support/knowledgecenter/en/SSEPGG_11.1.0/com.ibm.db2.luw.apdv.java.doc/src/tpc/imjcc_cjvjcsec.html). |
Use Oracle Encryption | Oracle Encryption and Data Integrity settings are also known as Oracle Advanced Security. If selected, Oracle JDBC connections require the server to support similar Oracle Data Encryption settings as the client. |
For more information about configuring JDBC parameters, see c_logsource_JDBCprotocol.html
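
As an added illustration (not IBM's or QRadar's code), the following Python model shows what the Table Name, Select List, Compare Field and Use Prepared Statements values in Table 2 amount to on each poll: a parameterised query that returns only rows whose ID is above the last one seen. SQLite stands in for Oracle or DB2, and the non-ID columns, the sample rows and the tab-separated name=value layout are constructed assumptions.

```python
import sqlite3

# Table name, select list (*) and compare field (ID) are the values from Table 2.
# The parameterised form mirrors "Use Prepared Statements"; a model, not QRadar's code.
POLL_SQL = "SELECT * FROM AUDIT_LOG WHERE ID > ? ORDER BY ID"

def make_sample_db():
    """In-memory SQLite stand-in for the Oracle/DB2 database (constructed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE AUDIT_LOG (ID INTEGER PRIMARY KEY, "
               "EVENT_TIME TEXT, ACTOR TEXT, ACTION TEXT)")
    return db

def add_rows(db, rows):
    """Insert constructed audit rows, as the application would between polls."""
    db.executemany("INSERT INTO AUDIT_LOG VALUES (?, ?, ?, ?)", rows)
    db.commit()

def to_nvp(columns, row):
    """Render one row as tab-separated name=value pairs (assumed layout).
    Whitespace runs inside a value, tabs and line breaks included, collapse to
    one space so a stored value cannot forge an extra pair or split the event."""
    def clean(value):
        return " ".join(str(value).split())
    return "\t".join(f"{c}={clean(v)}" for c, v in zip(columns, row))

def poll(db, last_id):
    """Return (events, new_last_id) for rows added since last_id."""
    cur = db.execute(POLL_SQL, (last_id,))
    columns = [d[0] for d in cur.description]
    id_pos = columns.index("ID")
    events = []
    for row in cur:
        events.append(to_nvp(columns, row))
        last_id = row[id_pos]  # high-water mark carried into the next poll
    return events, last_id

if __name__ == "__main__":
    db = make_sample_db()
    add_rows(db, [(1, "2024-01-01T10:00:00Z", "admin", "LOGIN"),
                  (2, "2024-01-01T10:00:05Z", "admin", "ROLE_ASSIGN")])
    events, mark = poll(db, 0)
    print(len(events), "events, compare value now", mark)
    add_rows(db, [(3, "2024-01-01T10:01:00Z", "jdoe", "LOGOUT\tACTION=LOGIN")])
    events, mark = poll(db, mark)
    print(events, "compare value now", mark)
```

In this model a row inserted with an ID at or below the stored compare value is never returned, so the compare field has to be a value that only increases.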