Question & Answer
Question
This course demonstrates integration between IBM Security Secret Server
and IBM Security QRadar SIEM. You use Secret Server to manage privileged
user account activity, which is reported to QRadar in syslog events.
In the course demonstration, syslog CEF logging is enabled in Secret
Server, and QRadar is configured to parse and normalize the events that
are received from Secret Server. As part of the course, a custom content
extension is provided, which contains over 170 mapped events from the
Secret Server. In addition, the extension has one custom rule, two
reference sets, two custom search queries, and one log source type named
SecretServer_SLA.
The purpose of this custom extension is to show how Secret Server can help you investigate some critical activities.
Duration: 30 Minutes
Follow the link in related information to view the course on the IBM Security Learning Academy.
Document Information
Modified date: 08 June 2021
UID: ibm16461331