Configuring your STEALTHbits StealthINTERCEPT to communicate with QRadar

To collect all audit logs and system events from STEALTHbits StealthINTERCEPT, you must specify IBM QRadar as the syslog server and configure the message format.

Procedure

  1. Log in to your STEALTHbits StealthINTERCEPT server.
  2. Start the Administration Console.
  3. Click Configuration > Syslog Server.
  4. Configure the following parameters:
    Table 1. Syslog parameters

    Parameter       Description
    Host Address    The IP address of the QRadar Console
    Port            514
  5. Click Import mapping file.
  6. Select the SyslogLeefTemplate.txt file and press Enter.
  7. Click Save.
  8. On the Administration Console, click Actions.
  9. Select the mapping file that you imported, and then select the Send to Syslog check box.

    Leave the Send to Events DB check box selected. StealthINTERCEPT uses the events database to generate reports.

  10. Click Add.
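
To confirm that forwarded events parse as LEEF once the procedure is complete, the following added example (not IBM or STEALTHbits code) checks captured syslog lines for a well-formed LEEF header and correctly delimited attributes. It assumes that SyslogLeefTemplate.txt emits LEEF 1.0 or 2.0; the function name check_leef and the sample lines are constructed for illustration and are not real StealthINTERCEPT output.

```python
import re

# Constructed sample lines, not real StealthINTERCEPT output; all values are placeholders.
HDR = "<13>Jan 10 12:00:01 si-host LEEF:1.0|STEALTHbits|StealthINTERCEPT|0.0|ExampleEvent|"
SAMPLES = [
    HDR + "devTime=Jan 10 2024 12:00:01\tusrName=alice\tsrc=192.0.2.10",
    HDR + "devTime=Jan 10 2024 12:00:01 usrName=bob src=192.0.2.11",  # spaces, not tabs
    "<13>Jan 10 12:00:03 si-host event text without a LEEF header",
]

def check_leef(line):
    """Parse one syslog line; return (event dict or None, list of problems)."""
    start = line.find("LEEF:")
    if start < 0:
        return None, ["no LEEF header found"]
    body = line[start + len("LEEF:"):]
    version = body.split("|", 1)[0]
    if version not in ("1.0", "2.0"):
        return None, [f"unsupported LEEF version {version!r}"]
    # Header fields after the version: vendor, product, product version,
    # event ID, plus a delimiter field in LEEF 2.0.
    n_fields = 5 if version == "2.0" else 4
    parts = body.split("|", n_fields + 1)
    if len(parts) < n_fields + 2:
        return None, ["header has too few '|' separated fields"]
    delim = "\t"  # LEEF 1.0 attributes are tab separated
    if version == "2.0" and parts[5]:
        m = re.fullmatch(r"(?:0x|x)([0-9A-Fa-f]{2,4})", parts[5])
        delim = chr(int(m.group(1), 16)) if m else parts[5]
    event = {"vendor": parts[1], "product": parts[2], "version": parts[3],
             "event_id": parts[4], "attrs": {}}
    problems = []
    for token in filter(None, parts[-1].split(delim)):
        key, sep, value = token.partition("=")
        if not sep or not key:
            problems.append(f"attribute {token!r} is not key=value")
            continue
        # A value that swallows the next pair means the delimiter was lost.
        if re.search(r"\s\w+=", value):
            problems.append(f"{key}: value holds another key=value pair")
        event["attrs"][key] = value
    return event, problems

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_leef(sample))
```

The second sample shows the common failure: tabs replaced by spaces leave every attribute folded into the first value, so the individual fields are not extracted.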