Alert data source type configuration

To configure alert collection from third-party devices, you need to complete configuration tasks on the third-party device, add a data source, and configure the connectors for the data source type in the QRadar® platform. The key components that work together to collect events from third-party devices are data sources and data source types.

Alert data source type

An alert data source type is a code module that parses received alerts from multiple data sources and converts them to a standard taxonomy format that can be displayed as output. Each data source has a corresponding data source type. For example, a CrowdStrike data source type parses and normalizes alerts from a CrowdStrike data source.

Third-party device installation process

To collect alerts from a third-party device, you must complete installation and configuration steps both on the data source device and in the QRadar platform.

The following steps represent a typical installation process:
  1. Read the specific instructions for how to integrate your third-party device.
  2. Configure the third-party device to send alerts.
  3. Add a data source. For more information, see Adding ingestion data sources.