Question & Answer
Question
How does QRadar determine the Log Source identifier of Snare events?
Answer
QRadar looks for an IP address or hostname in the syslog header. You can configure SNARE to insert the desired IP address or hostname with the following process:
- Open SNARE for Windows, select network configuration, and override the detected DNS name with the IP address or hostname you want.
- This is the value that Snare uses in the syslog header.
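The following is an added example, not IBM's code and not QRadar's own parsing logic: a Python check that pulls the host field out of the syslog header of Snare events and lists the events whose identifier is not in an expected set. The sample events, host names, function names, and the regular expression for the RFC 3164-style header layout are assumptions made for illustration.

```python
import ipaddress
import re

# Assumed RFC 3164-style header: <PRI>Mmm dd hh:mm:ss HOST payload
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<rest>.*)$",
    re.DOTALL,
)

def header_identifier(line):
    """Return ("ip"|"hostname", value) from the syslog header, or None."""
    m = HEADER_RE.match(line)
    if m is None:
        return None  # no syslog header, so there is no header host field
    host = m.group("host")
    try:
        return ("ip", str(ipaddress.ip_address(host)))
    except ValueError:
        return ("hostname", host)

def unmatched_events(lines, expected):
    """Return (identifier, line) for events whose header value is not expected."""
    out = []
    for line in lines:
        ident = header_identifier(line)
        if ident is None or ident[1] not in expected:
            out.append((ident, line))
    return out

# Constructed sample events; payloads are shortened placeholders.
SAMPLE_EVENTS = [
    "<13>Jun 16 10:15:01 10.20.30.40 MSWinEventLog\t1\tSecurity\t101\tconstructed",
    "<13>Jun 16 10:15:02 dc01.example.test MSWinEventLog\t1\tSecurity\t102\tconstructed",
    "<13>Jun  6 10:15:03 WIN-7F3K2 MSWinEventLog\t1\tSecurity\t103\tconstructed",
    "dc01.example.test\tMSWinEventLog\t1\tSecurity\t104\tconstructed",
]
# Constructed list of the identifiers the log sources are expected to use.
EXPECTED = {"10.20.30.40", "dc01.example.test"}

if __name__ == "__main__":
    for ident, line in unmatched_events(SAMPLE_EVENTS, EXPECTED):
        print(ident, "->", line[:40])
```

The third sample stands for an agent still sending its detected name instead of the overridden value, and the fourth for an event that arrives without a syslog header.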
Product: IBM Security QRadar SIEM; Component: Integrations - 3rd Party; Platform: Windows; Version: 7.1, 7.2
Document Information
Modified date:
16 June 2018
UID
swg21622307