VMWare AppDefense API log source parameters for VMware AppDefense
If QRadar does not automatically detect the log source, add a VMware AppDefense log source on the QRadar Console by using the VMWare AppDefense API protocol.
When using the VMWare AppDefense API protocol, there are specific parameters that you must use.
The following table describes the parameters that require specific values to collect VMWare AppDefense API events from VMware AppDefense:

| Parameter | Value |
|---|---|
| Log Source type | VMware AppDefense |
| Protocol Configuration | VMWare AppDefense API |
| Log Source Identifier | Type the IP address or host name for the log source as an identifier for events from your VMware AppDefense devices. |
| Endpoint URL | The endpoint URL for accessing VMware AppDefense. Example revision: `https://server_name.vmwaredrx.com/partnerapi/v1/orgs/<organization ID>` |
| Authentication Token | A single authentication token that is generated by the AppDefense console and must be used for all API transactions. |
| Use Proxy | If QRadar accesses the VMWare AppDefense API by using a proxy, enable Use Proxy. If the proxy requires authentication, configure the Hostname, Proxy Port, Proxy Username, and Proxy fields. If the proxy does not require authentication, configure the Hostname and Proxy Port fields. |
| Automatically Acquire Server Certificates | If you choose Yes from the drop-down list, QRadar automatically downloads the certificate and begins trusting the target server. If No is selected, QRadar does not attempt to retrieve any server certificates. |
| Recurrence | Beginning at the Start Time, type the frequency for how often you want the remote directory to be scanned. Type this value in hours (H), minutes (M), or days (D). For example, type 2H if you want the directory to be scanned every 2 hours. The default is 5M. |
| Throttle | The maximum number of events per second. The default is 5000. |
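
The following pre-entry check for the values in the table is an added example, not IBM or VMware code. The dictionary keys, the HTTPS and `/orgs/<organization ID>` path checks (inferred from the table's example URL), and all sample values are assumptions.

```python
import re
from urllib.parse import urlsplit

UNIT_SECONDS = {"M": 60, "H": 3600, "D": 86400}  # units named in the table

def recurrence_seconds(value):
    """Convert a Recurrence value such as '5M' or '2H' to seconds."""
    m = re.fullmatch(r"([1-9]\d*)([HMD])", value.strip().upper())
    if not m:
        raise ValueError(f"Recurrence {value!r} is not <number> followed by H, M or D")
    return int(m.group(1)) * UNIT_SECONDS[m.group(2)]

def check_log_source(cfg):
    """Return a list of problems in a planned parameter set (empty list = OK)."""
    problems = []
    url = urlsplit(cfg.get("endpoint_url", ""))
    if url.scheme != "https" or not url.hostname:
        problems.append("Endpoint URL: expected https:// and a host name")
    # Assumption: the path ends in /orgs/<organization ID>, as in the table's example.
    if not re.search(r"/orgs/[^/<>\s]+/?$", url.path):
        problems.append("Endpoint URL: organization ID missing or still a placeholder")
    token = cfg.get("auth_token", "")
    if not token or re.search(r"\s", token):
        problems.append("Authentication Token: empty or contains whitespace")
    try:
        recurrence_seconds(cfg.get("recurrence", "5M"))  # table default
    except ValueError as exc:
        problems.append(str(exc))
    throttle = cfg.get("throttle", 5000)  # table default
    if not isinstance(throttle, int) or throttle < 1:
        problems.append("Throttle: expected a positive events-per-second integer")
    if cfg.get("use_proxy"):
        port = cfg.get("proxy_port")
        if not cfg.get("proxy_hostname") or not isinstance(port, int) or not 1 <= port <= 65535:
            problems.append("Use Proxy: Hostname and a Proxy Port of 1-65535 are required")
    return problems

# Constructed sample values; the organization ID, token and proxy are placeholders.
SAMPLE = {
    "endpoint_url": "https://server_name.vmwaredrx.com/partnerapi/v1/orgs/EXAMPLE-ORG-ID",
    "auth_token": "EXAMPLE-TOKEN",
    "recurrence": "2H",
    "use_proxy": True, "proxy_hostname": "proxy.example.test", "proxy_port": 3128,
}

if __name__ == "__main__":
    for line in check_log_source(SAMPLE) or ["no problems found"]:
        print(line)
```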