alerts forwarding to IBM Qradar SIEM are not parsing

ShekharShekhar Posts: 5
in Business Security

Hi

I am forwaring F secure PM alerts and notifications to IBM Qradar SIEM over syslog but events which are recievied to IBM Qradar are unparsed. Kindly let me know whether we can resolve this from F secure side or Can I check with IBM support.

 

Thanks

Like

Best Answer

  • MJ-perCompMJ-perComp Posts: 1,098 Superuser
    Accepted Answer

    Hi,

    do you see the syslog entries from PMS on the SIEM box?

    if yes: the problem is inside SIEM, contact IBM.
    else: what are your syslog settings in PMS?

    Shekhar
    1Like

Comments

  • ShekharShekhar Posts: 5

    yes we are able to see the logs at SIEM we will check wih IBM

    Like
  • Tomasz_009Tomasz_009 Posts: 1

    Hello,

     

    We also sending event from F-Secure to QRadar. Event aren't parsing so you need create own DSM for this events - if I good know, IBM don't have native DSM for F-Secure events.

    Like
This discussion has been closed.

Other Links

F-Secure - For Home F-Secure - For Business F-Secure - For Partners

Visit the Community

Check our Forums or How-to & FAQs for advice or answers Help Forums How-to & FAQs

View User Guides

Refer to our getting started guides and product manuals F-Secure User Guides

Get Support

Talk to our Support and get answers to your questions F-Secure Support
© F-Secure 2020 | Terms and Conditions | Privacy Policy