ADS and IBM QRadar integration

Summary:

This article describes two ways to integrate Flowmon ADS with IBM QRadar.

Environment:

Product: Flowmon ADS

Version: Any

Platform: Any

Question/Problem Description:

How do I integrate Flowmon ADS with IBM QRadar?

Resolution:
  1. Flowmon QRadar App
    The Flowmon Application for QRadar is an extension that connects IBM QRadar with events from the Flowmon ADS solution. The application was built with our best practices in mind: it is easy to use and offers intuitive drill-down from the dashboard to individual flows, so you can quickly resolve issues and uncover malicious and suspicious behavior. It lets you view flows and events directly in QRadar without switching between two interfaces, while still taking advantage of the power of the Flowmon solution. This seamless integration is achieved by leveraging the Flowmon REST API and the syslog message standard. The QRadar connector and correlation rules are pre-configured in the installation package.

    The QRadar App, compatible with the latest ADS (12+) and QRadar releases (7.3.0+), has yet to be approved by IBM. 

  2. Flowmon ADS Content Pack

    The package includes a connector (DSM) and log correlation rule sets. It integrates with QRadar using syslog.

    New correlation rules are installed in the background. They were prepared based on our customers' experience and best practices.

    The Device Support Module (DSM) was created for logs from Flowmon ADS with properties and event mapping to IBM QRadar categories.

    https://exchange.xforce.ibmcloud.com/hub/extension/ba24211f9f0de0f7503a4bf09f82dc16


    Documentation
    https://docs.progress.com/en-US/bundle/progress-flowmon-ads-content-pack-user-guide/page/topics/ADS-content-pack-user-guide/Introduction.html