Configuring a Cisco IronPort and Cisco WSA data source by using the Syslog connector
You can configure a data source in IBM® Security QRadar® Log Insights so that the Cisco IronPort Appliance and Cisco Web Security Appliance (WSA) can communicate with QRadar Log Insights by using the Syslog connector.
|Data source type||Cisco IronPort|
|Data source identifier||The IPv4 address or host name that identifies the log source.
If your network contains multiple devices that are attached to a single management console, specify the IP address of the individual device that created the event. A unique identifier, such as an IP address, prevents event searches from identifying the management console as the source for all of the events.
For more information about adding a data source in QRadar Log Insights, see Adding ingestion data sources.