<< PREVIOUSNEXT >>

CONFIGURE LOG SOURCE

1. Navigate to the Admin tab

   

2. Navigate to Data Sources > Events. Click Log Sources

   

3. Double-click on the Log Source Virsec Security Platform

   

4. Configure the log source as described below:

   1. If QRadar Log Source Management app is NOT installed, configure the below parameter:

      1. Log Source Identifier – Provide the VSP CMS IP Address OR the IP Address from where QRadar receives the notifications

      2. Target Event Collector – For QRadar on Cloud, provide the on-premise data gateway from the dropdown

      3. Parameters such as Listen Port, Communication Type can also be modified if required

      4. Click Save

         

   2. If QRadar Log Source Management app is installed, a pop-up window is displayed. Click Launch

      

      1. Click Log Sources

         

      2. Search for Virsec Security Platform and press enter. Select the listed entry

         

      3. Select the tab Protocol

         

      4. Click Edit

         

      5. Log Source Identifier - Provide the CMS IP address OR the IP Address from where QRadar receives the notifications

      6. Parameters such as Listen Port, Communication Type can also be modified if required. It is recommended to change only the IP address and retain the default values for other parameters

         

      7. Click Save

         

5. On the Admin tab of the QRadar SIEM console, click Deploy Changes to activate the newly configured log source

6. Depending on the environment, IP Table modifications may be required on the QRadar instance OR data collector to allow the configured Listen Port

<< PREVIOUSNEXT >>