Pulse Secure Pulse Connect Secure
The IBM® QRadar® DSM for Pulse Secure Pulse Connect Secure collects syslog and WebTrends Enhanced Log File (WELF) formatted events from Pulse Secure Pulse Connect Secure mobile VPN devices.
The following table describes the specifications for the Pulse Secure Pulse Connect Secure
DSM:
| Specification | Value |
|---|---|
| Manufacturer | Pulse Secure |
| DSM name | Pulse Secure Pulse Connect Secure |
| RPM file name | DSM-PulseSecurePulseConnectSecure-QRadar_version-build_number.noarch.rpm |
| Supported versions | 8.2R5 |
| Protocol | Syslog, TLS Syslog |
| Recorded event types |
Admin Authentication System Network Error |
| Automatically discovered? | Yes |
| Includes identity? | Yes |
| Includes custom properties? | Yes |
| More information | Pulse Secure website (https://www.pulsesecure.net) |
To integrate Pulse Secure Pulse Connect Secure with QRadar, complete the following steps:
- If automatic updates are not enabled, RPMs are available for download from the IBM support website (http://www.ibm.com/support). Download and install the most recent version of the Pulse Secure Pulse Connect Secure DSM RPM on your QRadar Console.
- Configure your Pulse Secure Pulse Connect Secure device to send WebTrends Enhanced Log File (WELF) formatted events to QRadar.
- Configure your Pulse Secure Pulse Connect Secure device to send syslog events to QRadar.
- If QRadar does not
automatically detect the log source, add a Pulse Secure Pulse Connect Secure log source on the QRadar Console. The following
tables describe the parameters that require specific values to collect Syslog events from Pulse
Secure Pulse Connect Secure:
Table 2. Pulse Secure Pulse Connect Secure Syslog log source parameters Parameter Value Log Source type Pulse Secure Pulse Connect Secure Protocol Configuration Syslog Log Source Identifier Type a unique identifier for the log source. - Optional. To add a Pulse Secure Pulse Connect Secure log source to receive syslog events from
network devices that support TLS Syslog event forwarding, configure the log source on the QRadar
Console to use the TLS Syslog
protocol. The following table describes the parameters that require specific values to collect TLS Syslog events from Pulse Secure Pulse Connect Secure:
Table 3. Pulse Secure Pulse Connect Secure TLS Syslog log source parameters Parameter Value Log Source type Pulse Secure Pulse Connect Secure Protocol Configuration TLS Syslog Log Source Identifier Type a unique identifier for the log source. TLS Protocols Select the version of TLS that is installed on the client.