SecurID^® Discussions

ArKarOo · ‎2015-09-21

I am involved in a project that uses above products and need to forward AM 8.1 virtual appliance logs to qradar siem. I haven't found any updated guide on achieving this here and at IBM guide. May I know if anyone has configuration guide to achieve this integration?

JamesMandelbaum · ‎2016-01-20

If you log in to the Security Console and go to the menus: Setup ->System Setup -> Logging ;you will be able to select the instance you want to configure and provide the IP Address of the QRadar server for the syslog to go.

You can do this for each replica and they can all go to the same server or different servers based on your needs.

View solution in original post

JamesMandelbaum · ‎2016-01-20

If you log in to the Security Console and go to the menus: Setup ->System Setup -> Logging ;you will be able to select the instance you want to configure and provide the IP Address of the QRadar server for the syslog to go.

You can do this for each replica and they can all go to the same server or different servers based on your needs.

JochenHoffmann · ‎2016-01-21

Hi,

additionally, you may consider using SNMP for monitoring / alerting purposes: logon to Security Console using an account w/ administrative permissions and select "Setup > System Settings > Network Monitoring (SNMP)". Please keep in mind, AM 8.x uses SNMP v3 with authentication & authorization.

Cheers,

Jochen.

SecurID® Discussions

integrating AM 8.1 with QRadar SIEM 7.2.5

SecurID^® Discussions