Configuring your STEALTHbits File Activity Monitor to communicate with QRadar

To collect events from STEALTHbits File Activity Monitor, you must specify IBM QRadar as the Syslog server and configure the message format.

Procedure

  1. Log in to the server that runs STEALTHbits File Activity Monitor.
  2. Select the Monitored Hosts tab.
  3. Select a monitored host and click Edit to open the host's properties window.
  4. Select the Syslog tab and configure the following parameters:

    Parameter                                    Description

    Bulk Syslog server in SERVER[:PORT] format   <QRadar event collector IP address>:514
                                                 Example: 192.0.2.1:514
                                                 <qradarhostname>:514

    Syslog message template file path            SyslogLeefTemplate.txt
                                                 The template is stored in the STEALTHbits File Activity Monitor Install Directory

  5. Click OK.
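
To check the two values set in step 4 before relying on them, the following added example (not part of the original procedure or of either product) validates a destination string in SERVER[:PORT] form and confirms that a captured syslog payload carries a well-formed LEEF 1.0 header. The function names and the sample event are constructed for illustration; the sample does not reproduce the contents of SyslogLeefTemplate.txt, and IPv6 literals are not handled.

```python
def parse_destination(value):
    """Split a SERVER[:PORT] string into (host, port); port is None if omitted."""
    value = value.strip()
    if not value:
        raise ValueError("empty destination")
    host, sep, port = value.rpartition(":")
    if not sep:                       # no ":PORT" part was given
        return value, None
    if not host or not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"not in SERVER[:PORT] form: {value!r}")
    return host, int(port)


def parse_leef(line):
    """Parse one syslog line carrying LEEF 1.0; return (header, attributes)."""
    start = line.find("LEEF:")
    if start < 0:
        raise ValueError("no LEEF header found in message")
    # LEEF 1.0 header: LEEF:1.0|Vendor|Product|Version|EventID|<attributes>
    parts = line[start:].rstrip("\r\n").split("|", 5)
    if len(parts) != 6 or parts[0] != "LEEF:1.0":
        raise ValueError("expected LEEF:1.0|Vendor|Product|Version|EventID|")
    header = dict(zip(("vendor", "product", "version", "event_id"), parts[1:5]))
    if not all(header.values()):
        raise ValueError("empty field in LEEF header")
    attrs = {}
    for pair in parts[5].split("\t"):  # LEEF 1.0 attributes are tab-separated
        if not pair:
            continue
        key, sep, val = pair.partition("=")
        if not sep or not key:
            raise ValueError(f"attribute not in key=value form: {pair!r}")
        attrs[key] = val
    return header, attrs


# Constructed sample event (vendor, product and attribute values are made up).
SAMPLE = ("<13>Jan  1 00:00:00 fam-host LEEF:1.0|ExampleVendor|ExampleProduct|"
          "1.0|FileRead|usrName=alice\tfilePath=C:\\share\\a.txt")

if __name__ == "__main__":
    print(parse_destination("192.0.2.1:514"))
    print(parse_leef(SAMPLE))
```

A message that fails parse_leef usually points to an edited or mismatched template file rather than a network problem.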