alerts forwarding to IBM Qradar SIEM are not parsing

Shekhar · December 2018

Hi

I am forwaring F secure PM alerts and notifications to IBM Qradar SIEM over syslog but events which are recievied to IBM Qradar are unparsed. Kindly let me know whether we can resolve this from F secure side or Can I check with IBM support.

Thanks

MJ-perComp · December 2018

Hi,

do you see the syslog entries from PMS on the SIEM box?

if yes: the problem is inside SIEM, contact IBM.
else: what are your syslog settings in PMS?

Shekhar · December 2018

yes we are able to see the logs at SIEM we will check wih IBM

Tomasz_009 · February 2019

Hello,

We also sending event from F-Secure to QRadar. Event aren't parsing so you need create own DSM for this events - if I good know, IBM don't have native DSM for F-Secure events.

alerts forwarding to IBM Qradar SIEM are not parsing

Best Answer

Comments