Using QRadar with the SNS DSM
- Log in to your IBM QRadar console.
- In the Log Activity menu, click on New Search.
- Fill in the various fields of the search form:
  - Parameter field: select Log Source Type,
  - Operator field: select Equals,
  - Value field: select Stormshield Network Security.
- Confirm by clicking on Add Filter.
- Click on Search.
Stormshield logs will appear in the grid.
There are two limitations in version 1.0.0 of the SNS DSM:
- IPv6 values are not taken into account.
- Only standard QRadar fields are used; custom properties to filter by vendor-specific values are not available.
The Stormshield DSM provides the values of the following QRadar standard properties:
The following events are categorised by QRadar:
- Connections Pass or Block,
- Firewall and proxies,
- Filter policy,
- Alarms (IPS Permit or Deny),
- Virus detection,
- Sandboxing detection,
- Authentication errors,
- System events.
If you encounter issues while installing or using the Stormshield Network Security DSM on the IBM QRadar platform, feel free to get in touch with Stormshield technical support.